Compare commits
No commits in common. 'c9' and 'i10c-beta' have entirely different histories.
@ -1,2 +1,2 @@
|
|||||||
f7fe130511aeeac40270af38d6892ed63392c7f6 SOURCES/dbus-1.12.20.tar.gz
|
47f03306a491509cdebacded837e51b086835252 SOURCES/dbus-1.14.10.tar.xz
|
||||||
dfffbf214650cd4600454f930c1ebd9919327a11 SOURCES/gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg
|
dfffbf214650cd4600454f930c1ebd9919327a11 SOURCES/gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
SOURCES/dbus-1.12.20.tar.gz
|
SOURCES/dbus-1.14.10.tar.xz
|
||||||
SOURCES/gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg
|
SOURCES/gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg
|
||||||
|
|||||||
@ -1,116 +0,0 @@
|
|||||||
From 8f382ee405ec68850866298ba0574f12e261a6fa Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Tue, 13 Sep 2022 15:10:22 +0100
|
|
||||||
Subject: [PATCH] dbus-marshal-validate: Check brackets in signature nest
|
|
||||||
correctly
|
|
||||||
|
|
||||||
In debug builds with assertions enabled, a signature with incorrectly
|
|
||||||
nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
|
|
||||||
in an assertion failure.
|
|
||||||
|
|
||||||
In production builds without assertions enabled, a signature with
|
|
||||||
incorrectly nested `()` and `{}` could potentially result in a crash
|
|
||||||
or incorrect message parsing, although we do not have a concrete example
|
|
||||||
of either of these failure modes.
|
|
||||||
|
|
||||||
Thanks: Evgeny Vereshchagin
|
|
||||||
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
|
|
||||||
Resolves: CVE-2022-42010
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
(cherry picked from commit 9d07424e9011e3bbe535e83043d335f3093d2916)
|
|
||||||
(cherry picked from commit 3e53a785dee8d1432156188a2c4260e4cbc78c4d)
|
|
||||||
---
|
|
||||||
dbus/dbus-marshal-validate.c | 38 +++++++++++++++++++++++++++++++++++-
|
|
||||||
1 file changed, 37 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
|
|
||||||
index 4d492f3f3..ae68414dd 100644
|
|
||||||
--- a/dbus/dbus-marshal-validate.c
|
|
||||||
+++ b/dbus/dbus-marshal-validate.c
|
|
||||||
@@ -62,6 +62,8 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
|
|
||||||
|
|
||||||
int element_count;
|
|
||||||
DBusList *element_count_stack;
|
|
||||||
+ char opened_brackets[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2 + 1] = { '\0' };
|
|
||||||
+ char last_bracket;
|
|
||||||
|
|
||||||
result = DBUS_VALID;
|
|
||||||
element_count_stack = NULL;
|
|
||||||
@@ -93,6 +95,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
|
|
||||||
|
|
||||||
while (p != end)
|
|
||||||
{
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth >= 0);
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
|
|
||||||
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth] == '\0');
|
|
||||||
+
|
|
||||||
switch (*p)
|
|
||||||
{
|
|
||||||
case DBUS_TYPE_BYTE:
|
|
||||||
@@ -136,6 +142,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
|
|
||||||
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
|
|
||||||
+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_STRUCT_BEGIN_CHAR;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case DBUS_STRUCT_END_CHAR:
|
|
||||||
@@ -151,9 +161,20 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
|
|
||||||
+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
|
|
||||||
+
|
|
||||||
+ if (last_bracket != DBUS_STRUCT_BEGIN_CHAR)
|
|
||||||
+ {
|
|
||||||
+ result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
_dbus_list_pop_last (&element_count_stack);
|
|
||||||
|
|
||||||
struct_depth -= 1;
|
|
||||||
+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
|
|
||||||
break;
|
|
||||||
|
|
||||||
case DBUS_DICT_ENTRY_BEGIN_CHAR:
|
|
||||||
@@ -178,6 +199,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
|
|
||||||
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
|
|
||||||
+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_DICT_ENTRY_BEGIN_CHAR;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case DBUS_DICT_ENTRY_END_CHAR:
|
|
||||||
@@ -186,8 +211,19 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
|
|
||||||
result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
+
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
|
|
||||||
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
|
|
||||||
+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
|
|
||||||
+
|
|
||||||
+ if (last_bracket != DBUS_DICT_ENTRY_BEGIN_CHAR)
|
|
||||||
+ {
|
|
||||||
+ result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
dict_entry_depth -= 1;
|
|
||||||
+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
|
|
||||||
|
|
||||||
element_count =
|
|
||||||
_DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
@ -1,57 +0,0 @@
|
|||||||
From 3b8a7aff228770f4f7b478db606b10cceacea875 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Mon, 12 Sep 2022 13:14:18 +0100
|
|
||||||
Subject: [PATCH] dbus-marshal-validate: Validate length of arrays of
|
|
||||||
fixed-length items
|
|
||||||
|
|
||||||
This fast-path previously did not check that the array was made up
|
|
||||||
of an integer number of items. This could lead to assertion failures
|
|
||||||
and out-of-bounds accesses during subsequent message processing (which
|
|
||||||
assumes that the message has already been validated), particularly after
|
|
||||||
the addition of _dbus_header_remove_unknown_fields(), which makes it
|
|
||||||
more likely that dbus-daemon will apply non-trivial edits to messages.
|
|
||||||
|
|
||||||
Thanks: Evgeny Vereshchagin
|
|
||||||
Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays"
|
|
||||||
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
|
|
||||||
Resolves: CVE-2022-42011
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
(cherry picked from commit 079bbf16186e87fb0157adf8951f19864bc2ed69)
|
|
||||||
(cherry picked from commit b9e6a7523085a2cfceaffca7ba1ab4251f12a984)
|
|
||||||
---
|
|
||||||
dbus/dbus-marshal-validate.c | 13 ++++++++++++-
|
|
||||||
1 file changed, 12 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
|
|
||||||
index ae68414dd..7d0d6cf72 100644
|
|
||||||
--- a/dbus/dbus-marshal-validate.c
|
|
||||||
+++ b/dbus/dbus-marshal-validate.c
|
|
||||||
@@ -503,13 +503,24 @@ validate_body_helper (DBusTypeReader *reader,
|
|
||||||
*/
|
|
||||||
if (dbus_type_is_fixed (array_elem_type))
|
|
||||||
{
|
|
||||||
+ /* Note that fixed-size types all have sizes equal to
|
|
||||||
+ * their alignments, so this is really the item size. */
|
|
||||||
+ alignment = _dbus_type_get_alignment (array_elem_type);
|
|
||||||
+ _dbus_assert (alignment == 1 || alignment == 2 ||
|
|
||||||
+ alignment == 4 || alignment == 8);
|
|
||||||
+
|
|
||||||
+ /* Because the alignment is a power of 2, this is
|
|
||||||
+ * equivalent to: (claimed_len % alignment) != 0,
|
|
||||||
+ * but avoids slower integer division */
|
|
||||||
+ if ((claimed_len & (alignment - 1)) != 0)
|
|
||||||
+ return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
|
|
||||||
+
|
|
||||||
/* bools need to be handled differently, because they can
|
|
||||||
* have an invalid value
|
|
||||||
*/
|
|
||||||
if (array_elem_type == DBUS_TYPE_BOOLEAN)
|
|
||||||
{
|
|
||||||
dbus_uint32_t v;
|
|
||||||
- alignment = _dbus_type_get_alignment (array_elem_type);
|
|
||||||
|
|
||||||
while (p < array_end)
|
|
||||||
{
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
@ -1,73 +0,0 @@
|
|||||||
From 51a5bbf9074855b0f4a353ed309938b196c13525 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Fri, 30 Sep 2022 13:46:31 +0100
|
|
||||||
Subject: [PATCH] dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
|
|
||||||
|
|
||||||
When a D-Bus message includes attached file descriptors, the body of the
|
|
||||||
message contains unsigned 32-bit indexes pointing into an out-of-band
|
|
||||||
array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to
|
|
||||||
these indexes as "handles" for the associated fds (not to be confused
|
|
||||||
with a Windows HANDLE, which is a kernel object).
|
|
||||||
|
|
||||||
The assertion message removed by this commit is arguably correct up to
|
|
||||||
a point: fd-passing is only reasonable on a local machine, and no known
|
|
||||||
operating system allows processes of differing endianness even on a
|
|
||||||
multi-endian ARM or PowerPC CPU, so it makes little sense for the sender
|
|
||||||
to specify a byte-order that differs from the byte-order of the recipient.
|
|
||||||
|
|
||||||
However, this doesn't account for the fact that a malicious sender
|
|
||||||
doesn't have to restrict itself to only doing things that make sense.
|
|
||||||
On a system with untrusted local users, a message sender could crash
|
|
||||||
the system dbus-daemon (a denial of service) by sending a message in
|
|
||||||
the opposite endianness that contains handles to file descriptors.
|
|
||||||
|
|
||||||
Before this commit, if assertions are enabled, attempting to byteswap
|
|
||||||
a fd index would cleanly crash the message recipient with an assertion
|
|
||||||
failure. If assertions are disabled, attempting to byteswap a fd index
|
|
||||||
would silently do nothing without advancing the pointer p, causing the
|
|
||||||
message's type and the pointer into its contents to go out of sync, which
|
|
||||||
can result in a subsequent crash (the crash demonstrated by fuzzing was
|
|
||||||
a use-after-free, but other failure modes might be possible).
|
|
||||||
|
|
||||||
In principle we could resolve this by rejecting wrong-endianness messages
|
|
||||||
from a local sender, but it's actually simpler and less code to treat
|
|
||||||
wrong-endianness messages as valid and byteswap them.
|
|
||||||
|
|
||||||
Thanks: Evgeny Vereshchagin
|
|
||||||
Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds"
|
|
||||||
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
|
|
||||||
Resolves: CVE-2022-42012
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
(cherry picked from commit 236f16e444e88a984cf12b09225e0f8efa6c5b44)
|
|
||||||
(cherry picked from commit 3fb065b0752db1e298e4ada52cf4adc414f5e946)
|
|
||||||
---
|
|
||||||
dbus/dbus-marshal-byteswap.c | 6 +-----
|
|
||||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/dbus/dbus-marshal-byteswap.c b/dbus/dbus-marshal-byteswap.c
|
|
||||||
index 27695aafb..7104e9c63 100644
|
|
||||||
--- a/dbus/dbus-marshal-byteswap.c
|
|
||||||
+++ b/dbus/dbus-marshal-byteswap.c
|
|
||||||
@@ -61,6 +61,7 @@ byteswap_body_helper (DBusTypeReader *reader,
|
|
||||||
case DBUS_TYPE_BOOLEAN:
|
|
||||||
case DBUS_TYPE_INT32:
|
|
||||||
case DBUS_TYPE_UINT32:
|
|
||||||
+ case DBUS_TYPE_UNIX_FD:
|
|
||||||
{
|
|
||||||
p = _DBUS_ALIGN_ADDRESS (p, 4);
|
|
||||||
*((dbus_uint32_t*)p) = DBUS_UINT32_SWAP_LE_BE (*((dbus_uint32_t*)p));
|
|
||||||
@@ -188,11 +189,6 @@ byteswap_body_helper (DBusTypeReader *reader,
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
- case DBUS_TYPE_UNIX_FD:
|
|
||||||
- /* fds can only be passed on a local machine, so byte order must always match */
|
|
||||||
- _dbus_assert_not_reached("attempted to byteswap unix fds which makes no sense");
|
|
||||||
- break;
|
|
||||||
-
|
|
||||||
default:
|
|
||||||
_dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
|
|
||||||
break;
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
@ -1,292 +0,0 @@
|
|||||||
From b159849e031000d1dbc1ab876b5fc78a3ce9b534 Mon Sep 17 00:00:00 2001
|
|
||||||
From: hongjinghao <q1204531485@163.com>
|
|
||||||
Date: Mon, 5 Jun 2023 18:17:06 +0100
|
|
||||||
Subject: [PATCH 1/2] bus: Assign a serial number for messages from the driver
|
|
||||||
|
|
||||||
Normally, it's enough to rely on a message being given a serial number
|
|
||||||
by the DBusConnection just before it is actually sent. However, in the
|
|
||||||
rare case where the policy blocks the driver from sending a message
|
|
||||||
(due to a deny rule or the outgoing message quota being full), we need
|
|
||||||
to get a valid serial number sooner, so that we can copy it into the
|
|
||||||
DBUS_HEADER_FIELD_REPLY_SERIAL field (which is mandatory) in the error
|
|
||||||
message sent to monitors. Otherwise, the dbus-daemon will crash with
|
|
||||||
an assertion failure if at least one Monitoring client is attached,
|
|
||||||
because zero is not a valid serial number to copy.
|
|
||||||
|
|
||||||
This fixes a denial-of-service vulnerability: if a privileged user is
|
|
||||||
monitoring the well-known system bus using a Monitoring client like
|
|
||||||
dbus-monitor or `busctl monitor`, then an unprivileged user can cause
|
|
||||||
denial-of-service by triggering this crash. A mitigation for this
|
|
||||||
vulnerability is to avoid attaching Monitoring clients to the system
|
|
||||||
bus when they are not needed. If there are no Monitoring clients, then
|
|
||||||
the vulnerable code is not reached.
|
|
||||||
|
|
||||||
Co-authored-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
Resolves: dbus/dbus#457
|
|
||||||
---
|
|
||||||
bus/connection.c | 15 +++++++++++++++
|
|
||||||
dbus/dbus-connection-internal.h | 2 ++
|
|
||||||
dbus/dbus-connection.c | 11 ++++++++++-
|
|
||||||
3 files changed, 27 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/bus/connection.c b/bus/connection.c
|
|
||||||
index a41b790b..4d46992c 100644
|
|
||||||
--- a/bus/connection.c
|
|
||||||
+++ b/bus/connection.c
|
|
||||||
@@ -2376,6 +2376,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
|
|
||||||
if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
|
|
||||||
return FALSE;
|
|
||||||
|
|
||||||
+ /* Make sure the message has a non-zero serial number, otherwise
|
|
||||||
+ * bus_transaction_capture_error_reply() will not be able to mock up
|
|
||||||
+ * a corresponding reply for it. Normally this would be delayed until
|
|
||||||
+ * the first time we actually send the message out from a
|
|
||||||
+ * connection, when the transaction is committed, but that's too late
|
|
||||||
+ * in this case.
|
|
||||||
+ */
|
|
||||||
+ if (dbus_message_get_serial (message) == 0)
|
|
||||||
+ {
|
|
||||||
+ dbus_uint32_t next_serial;
|
|
||||||
+
|
|
||||||
+ next_serial = _dbus_connection_get_next_client_serial (connection);
|
|
||||||
+ dbus_message_set_serial (message, next_serial);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (bus_connection_is_active (connection))
|
|
||||||
{
|
|
||||||
if (!dbus_message_set_destination (message,
|
|
||||||
diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
|
|
||||||
index 912b546e..747e6e54 100644
|
|
||||||
--- a/dbus/dbus-connection-internal.h
|
|
||||||
+++ b/dbus/dbus-connection-internal.h
|
|
||||||
@@ -57,6 +57,8 @@ DBUS_PRIVATE_EXPORT
|
|
||||||
DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection);
|
|
||||||
DBUS_PRIVATE_EXPORT
|
|
||||||
void _dbus_connection_unref_unlocked (DBusConnection *connection);
|
|
||||||
+DBUS_PRIVATE_EXPORT
|
|
||||||
+dbus_uint32_t _dbus_connection_get_next_client_serial (DBusConnection *connection);
|
|
||||||
void _dbus_connection_queue_received_message_link (DBusConnection *connection,
|
|
||||||
DBusList *link);
|
|
||||||
dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection);
|
|
||||||
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
|
|
||||||
index 105bdf4e..34380293 100644
|
|
||||||
--- a/dbus/dbus-connection.c
|
|
||||||
+++ b/dbus/dbus-connection.c
|
|
||||||
@@ -1461,7 +1461,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
|
|
||||||
_dbus_connection_last_unref (connection);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static dbus_uint32_t
|
|
||||||
+/**
|
|
||||||
+ * Allocate and return the next non-zero serial number for outgoing messages.
|
|
||||||
+ *
|
|
||||||
+ * This method is only valid to call from single-threaded code, such as
|
|
||||||
+ * the dbus-daemon, or with the connection lock held.
|
|
||||||
+ *
|
|
||||||
+ * @param connection the connection
|
|
||||||
+ * @returns A suitable serial number for the next message to be sent on the connection.
|
|
||||||
+ */
|
|
||||||
+dbus_uint32_t
|
|
||||||
_dbus_connection_get_next_client_serial (DBusConnection *connection)
|
|
||||||
{
|
|
||||||
dbus_uint32_t serial;
|
|
||||||
--
|
|
||||||
2.40.1
|
|
||||||
|
|
||||||
|
|
||||||
From 986611ad0f7f67a3693e5672cd66bc608c00b228 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Mon, 5 Jun 2023 18:51:22 +0100
|
|
||||||
Subject: [PATCH 2/2] monitor test: Reproduce dbus/dbus#457
|
|
||||||
|
|
||||||
The exact failure mode reported in dbus/dbus#457 is quite difficult
|
|
||||||
to achieve in a reliable way in a unit test, because we'd have to send
|
|
||||||
enough messages to a client to fill up its queue, then stop that client
|
|
||||||
from draining its queue, while still triggering a message that gets a
|
|
||||||
reply from the bus driver. However, we can trigger the same crash in a
|
|
||||||
slightly different way by not allowing the client to receive a
|
|
||||||
particular message. I chose NameAcquired.
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
---
|
|
||||||
.../valid-config-files/forbidding.conf.in | 3 +
|
|
||||||
test/monitor.c | 77 ++++++++++++++++---
|
|
||||||
2 files changed, 71 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/test/data/valid-config-files/forbidding.conf.in b/test/data/valid-config-files/forbidding.conf.in
|
|
||||||
index d145613c..58b3cc6a 100644
|
|
||||||
--- a/test/data/valid-config-files/forbidding.conf.in
|
|
||||||
+++ b/test/data/valid-config-files/forbidding.conf.in
|
|
||||||
@@ -24,5 +24,8 @@
|
|
||||||
<allow send_interface="com.example.CannotUnicast2" send_broadcast="true"/>
|
|
||||||
|
|
||||||
<deny receive_interface="com.example.CannotReceive"/>
|
|
||||||
+
|
|
||||||
+ <!-- Used to reproduce dbus#457 -->
|
|
||||||
+ <deny receive_interface="org.freedesktop.DBus" receive_member="NameAcquired"/>
|
|
||||||
</policy>
|
|
||||||
</busconfig>
|
|
||||||
diff --git a/test/monitor.c b/test/monitor.c
|
|
||||||
index d5a54b00..846a980c 100644
|
|
||||||
--- a/test/monitor.c
|
|
||||||
+++ b/test/monitor.c
|
|
||||||
@@ -155,6 +155,21 @@ static Config side_effects_config = {
|
|
||||||
TRUE
|
|
||||||
};
|
|
||||||
|
|
||||||
+static dbus_bool_t
|
|
||||||
+config_forbids_name_acquired_signal (const Config *config)
|
|
||||||
+{
|
|
||||||
+ if (config == NULL)
|
|
||||||
+ return FALSE;
|
|
||||||
+
|
|
||||||
+ if (config->config_file == NULL)
|
|
||||||
+ return FALSE;
|
|
||||||
+
|
|
||||||
+ if (strcmp (config->config_file, forbidding_config.config_file) == 0)
|
|
||||||
+ return TRUE;
|
|
||||||
+
|
|
||||||
+ return FALSE;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static inline const char *
|
|
||||||
not_null2 (const char *x,
|
|
||||||
const char *fallback)
|
|
||||||
@@ -253,9 +268,6 @@ do { \
|
|
||||||
|
|
||||||
#define assert_name_acquired(m) \
|
|
||||||
do { \
|
|
||||||
- DBusError _e = DBUS_ERROR_INIT; \
|
|
||||||
- const char *_s; \
|
|
||||||
- \
|
|
||||||
g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
|
|
||||||
==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_SIGNAL)); \
|
|
||||||
g_assert_cmpstr (dbus_message_get_sender (m), ==, DBUS_SERVICE_DBUS); \
|
|
||||||
@@ -265,7 +277,14 @@ do { \
|
|
||||||
g_assert_cmpstr (dbus_message_get_signature (m), ==, "s"); \
|
|
||||||
g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
|
|
||||||
g_assert_cmpint (dbus_message_get_reply_serial (m), ==, 0); \
|
|
||||||
+} while (0)
|
|
||||||
+
|
|
||||||
+#define assert_unique_name_acquired(m) \
|
|
||||||
+do { \
|
|
||||||
+ DBusError _e = DBUS_ERROR_INIT; \
|
|
||||||
+ const char *_s; \
|
|
||||||
\
|
|
||||||
+ assert_name_acquired (m); \
|
|
||||||
dbus_message_get_args (m, &_e, \
|
|
||||||
DBUS_TYPE_STRING, &_s, \
|
|
||||||
DBUS_TYPE_INVALID); \
|
|
||||||
@@ -333,6 +352,21 @@ do { \
|
|
||||||
g_assert_cmpint (dbus_message_get_reply_serial (m), !=, 0); \
|
|
||||||
} while (0)
|
|
||||||
|
|
||||||
+/* forbidding.conf does not allow receiving NameAcquired, so if we are in
|
|
||||||
+ * that configuration, then dbus-daemon synthesizes an error reply to itself
|
|
||||||
+ * and sends that to monitors */
|
|
||||||
+#define expect_name_acquired_error(queue, in_reply_to) \
|
|
||||||
+do { \
|
|
||||||
+ DBusMessage *message; \
|
|
||||||
+ \
|
|
||||||
+ message = g_queue_pop_head (queue); \
|
|
||||||
+ assert_error_reply (message, DBUS_SERVICE_DBUS, DBUS_SERVICE_DBUS, \
|
|
||||||
+ DBUS_ERROR_ACCESS_DENIED); \
|
|
||||||
+ g_assert_cmpint (dbus_message_get_reply_serial (message), ==, \
|
|
||||||
+ dbus_message_get_serial (in_reply_to)); \
|
|
||||||
+ dbus_message_unref (message); \
|
|
||||||
+} while (0)
|
|
||||||
+
|
|
||||||
/* This is called after processing pending replies to our own method
|
|
||||||
* calls, but before anything else.
|
|
||||||
*/
|
|
||||||
@@ -727,6 +761,11 @@ test_become_monitor (Fixture *f,
|
|
||||||
test_assert_no_error (&f->e);
|
|
||||||
g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER);
|
|
||||||
|
|
||||||
+ /* If the policy forbids receiving NameAcquired, then we'll never
|
|
||||||
+ * receive it, so behave as though we had */
|
|
||||||
+ if (config_forbids_name_acquired_signal (f->config))
|
|
||||||
+ got_unique = got_a = got_b = got_c = TRUE;
|
|
||||||
+
|
|
||||||
while (!got_unique || !got_a || !got_b || !got_c)
|
|
||||||
{
|
|
||||||
if (g_queue_is_empty (&f->monitored))
|
|
||||||
@@ -1378,6 +1417,7 @@ test_dbus_daemon (Fixture *f,
|
|
||||||
{
|
|
||||||
DBusMessage *m;
|
|
||||||
int res;
|
|
||||||
+ size_t n_expected;
|
|
||||||
|
|
||||||
if (f->address == NULL)
|
|
||||||
return;
|
|
||||||
@@ -1393,7 +1433,12 @@ test_dbus_daemon (Fixture *f,
|
|
||||||
test_assert_no_error (&f->e);
|
|
||||||
g_assert_cmpint (res, ==, DBUS_RELEASE_NAME_REPLY_RELEASED);
|
|
||||||
|
|
||||||
- while (g_queue_get_length (&f->monitored) < 8)
|
|
||||||
+ n_expected = 8;
|
|
||||||
+
|
|
||||||
+ if (config_forbids_name_acquired_signal (context))
|
|
||||||
+ n_expected += 1;
|
|
||||||
+
|
|
||||||
+ while (g_queue_get_length (&f->monitored) < n_expected)
|
|
||||||
test_main_context_iterate (f->ctx, TRUE);
|
|
||||||
|
|
||||||
m = g_queue_pop_head (&f->monitored);
|
|
||||||
@@ -1406,10 +1451,12 @@ test_dbus_daemon (Fixture *f,
|
|
||||||
"NameOwnerChanged", "sss", NULL);
|
|
||||||
dbus_message_unref (m);
|
|
||||||
|
|
||||||
- /* FIXME: should we get this? */
|
|
||||||
m = g_queue_pop_head (&f->monitored);
|
|
||||||
- assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS,
|
|
||||||
- "NameAcquired", "s", f->sender_name);
|
|
||||||
+ assert_name_acquired (m);
|
|
||||||
+
|
|
||||||
+ if (config_forbids_name_acquired_signal (f->config))
|
|
||||||
+ expect_name_acquired_error (&f->monitored, m);
|
|
||||||
+
|
|
||||||
dbus_message_unref (m);
|
|
||||||
|
|
||||||
m = g_queue_pop_head (&f->monitored);
|
|
||||||
@@ -1631,8 +1678,14 @@ static void
|
|
||||||
expect_new_connection (Fixture *f)
|
|
||||||
{
|
|
||||||
DBusMessage *m;
|
|
||||||
+ size_t n_expected;
|
|
||||||
|
|
||||||
- while (g_queue_get_length (&f->monitored) < 4)
|
|
||||||
+ n_expected = 4;
|
|
||||||
+
|
|
||||||
+ if (config_forbids_name_acquired_signal (f->config))
|
|
||||||
+ n_expected += 1;
|
|
||||||
+
|
|
||||||
+ while (g_queue_get_length (&f->monitored) < n_expected)
|
|
||||||
test_main_context_iterate (f->ctx, TRUE);
|
|
||||||
|
|
||||||
m = g_queue_pop_head (&f->monitored);
|
|
||||||
@@ -1649,7 +1702,11 @@ expect_new_connection (Fixture *f)
|
|
||||||
dbus_message_unref (m);
|
|
||||||
|
|
||||||
m = g_queue_pop_head (&f->monitored);
|
|
||||||
- assert_name_acquired (m);
|
|
||||||
+ assert_unique_name_acquired (m);
|
|
||||||
+
|
|
||||||
+ if (config_forbids_name_acquired_signal (f->config))
|
|
||||||
+ expect_name_acquired_error (&f->monitored, m);
|
|
||||||
+
|
|
||||||
dbus_message_unref (m);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1988,6 +2045,8 @@ main (int argc,
|
|
||||||
setup, test_method_call, teardown);
|
|
||||||
g_test_add ("/monitor/forbidden-method", Fixture, &forbidding_config,
|
|
||||||
setup, test_forbidden_method_call, teardown);
|
|
||||||
+ g_test_add ("/monitor/forbidden-reply", Fixture, &forbidding_config,
|
|
||||||
+ setup, test_dbus_daemon, teardown);
|
|
||||||
g_test_add ("/monitor/dbus-daemon", Fixture, NULL,
|
|
||||||
setup, test_dbus_daemon, teardown);
|
|
||||||
g_test_add ("/monitor/selective", Fixture, &selective_config,
|
|
||||||
--
|
|
||||||
2.40.1
|
|
||||||
|
|
||||||
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAl793S8ACgkQ4FrhR4+B
|
|
||||||
TE8Cfg//Ysb9qT9xLUvCCHdmg+efz1DCks9W21MnZ9EN7qIx/mJPZhqpy9nbaHGy
|
|
||||||
xQl2hnYagPZXWy7ly8HpakvzYfjtyRMCd7570n/cMmVXTF5bnfOr1feScrNEEJPc
|
|
||||||
R6LreRPVDPdiKak1bF8VeVLpil89WrtU4xRzcpWxhZLlPiN1ebOSjEKtzaW4sDYB
|
|
||||||
KdLXLRqcVgdm44NZrTB/xic0hJrO6fhTqiJVx6Lc/CoE9FNO+/60/H2PYIWRedSm
|
|
||||||
bEx76RmUJEn1c/+wCyixmiTE0aEWGbKIsTR5mZmnw5BFI9SegQk7cD67kLvqMgpz
|
|
||||||
c+SMl0ivihTgcaH9jPKeg6fEvTTMkuxHQyMgYV5Rwoq0ukTgQ+b+/MjYa5OX0QqY
|
|
||||||
4YLDqNdgVfdNabxAeGvtNoDLwIHuveB151W9/ANTd420uqkWlCjzriEAjyYv8AJt
|
|
||||||
O53dQn6KGos8QmAKyF3dmKKZb7d2XfJLa0byHt84DeM0kAabq7P9ypf4YkbmqLCC
|
|
||||||
Eb8kiP8FbNYaQs9i1L2D4RXK8fnZA88aQVf7yBcILJBsQDI/plZuxmSzZLMBF3dw
|
|
||||||
SxhcGN3ArsoOqqqWnJt65Sxtt95vO9mpOvrHMB9iQWM3X2zVXh+Et8P2QY9HVhCp
|
|
||||||
Xmj3TH9Oc6OjBipqdR8OzdTtc7lnBwjuzMhw6g2S08ZQJovniOE=
|
|
||||||
=cwnZ
|
|
||||||
-----END PGP SIGNATURE-----
|
|
||||||
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmTx9gwACgkQ4FrhR4+B
|
||||||
|
TE/2pg/+Ir3SDeg9BOhbX5BvKGrxlQbGJgkrSPKPm+KHDhOZ4NmTsS4a+YYhhjBm
|
||||||
|
27E2/vFK+pDwTwFhYmygZAgLPQVl9RRVuW/Alq1dgabmdIBVaAfnL5jG+isjD+dV
|
||||||
|
mRXwipJcacrHQtUQoUNWkSI9OxDT+zWY08m8eKQMp2iEfupG7RZkn0BQ0+1+i808
|
||||||
|
Ep6rgbvkI7+eKhrpkmxHnEPSKRWe2qQ74agRoazbhCP0M9VObQsx5J9mTnMTIKOy
|
||||||
|
KVaFVi385nHYj1/igGnpH/XNWhwV7aU8exngiA1Fmoc69ttPaEXvV5JJ0Gf8eXeK
|
||||||
|
LqvZbl5nJotGG3hAkdo9bUQRIXWz9zJ1ZJxTM0tAyk+phwD/2r03tOdSVQ/tNJuW
|
||||||
|
tQOYq7pnHLMiAhiR8+P5mI3FYbKj2BYgJXf1FKu8B+ZQLuiRxGfYzUgIf2SirQk/
|
||||||
|
Tg2axWYnNZZ0X6fWrw5CyiH1fX2uDkGypEMMF6W5Rdd7DFchk4CZm3xlRkPIDEI0
|
||||||
|
9WK4/Y+XLn053V01q1z8vvOruOeecAUsp+/wwk+TpHoyC8XXA4RVFZg1erbxMqZ6
|
||||||
|
zkgs4IBSK3T/NUMpWqkGqtTzfHvmVc796AWCFpJMrB6syX2Mz/DLRQ7itWfL7vgc
|
||||||
|
Af/ybyOCvfZl6nmCLbTUL0kzmJkT0M9uCtSrXEUO9gMBwtOcOIc=
|
||||||
|
=/5FJ
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
Loading…
Reference in new issue