From: Simon McVittie Date: Thu, 1 Jan 2015 23:48:13 +0000 (+0000) Subject: Merge branch 'dbus-1.8' and prepare 1.9.6 X-Git-Tag: dbus-1.9.6^0 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ae9d7149aa9a9f8f276c35b2343e78aaa7c9054c;p=thirdparty%2Fdbus.git Merge branch 'dbus-1.8' and prepare 1.9.6 Conflicts: NEWS configure.ac test/dbus-daemon.c --- ae9d7149aa9a9f8f276c35b2343e78aaa7c9054c diff --cc NEWS index 65f4e3a24,4fc8c0ff6..3ed896674 --- a/NEWS +++ b/NEWS @@@ -1,12 -1,38 +1,38 @@@ - D-Bus 1.9.6 (UNRELEASED) -D-Bus 1.8.14 (2015-01-05) ++D-Bus 1.9.6 (2015-01-05) == - ... -The “40lb of roofing nails” release. ++The “I do have a bread knife” release. + + Security hardening: + + • Do not allow calls to UpdateActivationEnvironment from uids other than + the uid of the dbus-daemon. If a system service installs unsafe + security policy rules that allow arbitrary method calls + (such as CVE-2014-8148) then this prevents memory consumption and + possible privilege escalation via UpdateActivationEnvironment. + + We believe that in practice, privilege escalation here is avoided + by dbus-daemon-launch-helper sanitizing its environment; but + it seems better to be safe. + + • Do not allow calls to UpdateActivationEnvironment or the Stats interface + on object paths other than /org/freedesktop/DBus. Some system services + install unsafe security policy rules that allow arbitrary method calls + to any destination, method and interface with a specified object path; + while less bad than allowing arbitrary method calls, these security + policies are still harmful, since dbus-daemon normally offers the + same API on all object paths and other system services might behave + similarly. + + Other fixes: + + • Add missing initialization so GetExtendedTcpTable doesn't crash on + Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко) -D-Bus 1.8.12 (2014-11-24) +D-Bus 1.9.4 (2014-11-24) == -The “days of fuchsia passed” release. +The “extra-sturdy caramel” release. Fixes: diff --cc bus/stats.c index 859c6a520,20321e5e7..dace0e29d --- a/bus/stats.c +++ b/bus/stats.c @@@ -29,8 -29,8 +29,9 @@@ #include #include "connection.h" + #include "driver.h" #include "services.h" +#include "signals.h" #include "utils.h" #ifdef DBUS_ENABLE_STATS diff --cc configure.ac index ce6f9d6cf,4bd17b7bd..6dcb2818c --- a/configure.ac +++ b/configure.ac @@@ -2,8 -2,8 +2,8 @@@ dnl -*- mode: m4 -* AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) -m4_define([dbus_minor_version], [8]) -m4_define([dbus_micro_version], [14]) +m4_define([dbus_minor_version], [9]) - m4_define([dbus_micro_version], [5]) ++m4_define([dbus_micro_version], [6]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@@ -37,7 -37,7 +37,7 @@@ LT_CURRENT=1 ## increment any time the source changes; set to ## 0 if you increment CURRENT - LT_REVISION=1 -LT_REVISION=10 ++LT_REVISION=2 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has diff --cc test/dbus-daemon.c index bb1d13740,dc0f1317a..1cd51d20a --- a/test/dbus-daemon.c +++ b/test/dbus-daemon.c @@@ -568,72 -457,91 +568,157 @@@ test_creds (Fixture *f #endif } +static void +test_processid (Fixture *f, + gconstpointer context) +{ + const char *unique = dbus_bus_get_unique_name (f->left_conn); + DBusMessage *m = dbus_message_new_method_call (DBUS_SERVICE_DBUS, + DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS, "GetConnectionUnixProcessID"); + DBusPendingCall *pc; + DBusError error = DBUS_ERROR_INIT; + guint32 pid; + + if (m == NULL) + g_error ("OOM"); + + if (!dbus_message_append_args (m, + DBUS_TYPE_STRING, &unique, + DBUS_TYPE_INVALID)) + g_error ("OOM"); + + if (!dbus_connection_send_with_reply (f->left_conn, m, &pc, + DBUS_TIMEOUT_USE_DEFAULT) || + pc == NULL) + g_error ("OOM"); + + dbus_message_unref (m); + m = NULL; + + if (dbus_pending_call_get_completed (pc)) + pending_call_store_reply (pc, &m); + else if (!dbus_pending_call_set_notify (pc, pending_call_store_reply, + &m, NULL)) + g_error ("OOM"); + + while (m == NULL) + test_main_context_iterate (f->ctx, TRUE); + + if (dbus_message_get_args (m, &error, + DBUS_TYPE_UINT32, &pid, + DBUS_TYPE_INVALID)) + { + g_assert_cmpstr (dbus_message_get_signature (m), ==, "u"); + assert_no_error (&error); + + g_message ("GetConnectionUnixProcessID returned %u", pid); + +#ifdef G_OS_UNIX + g_assert_cmpuint (pid, ==, getpid ()); +#elif defined(G_OS_WIN32) + g_assert_cmpuint (pid, ==, GetCurrentProcessId ()); +#else + g_assert_not_reached (); +#endif + } + else + { + g_assert_cmpstr (error.name, ==, DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN); + +#ifdef PID_SHOULD_WORK + g_error ("Expected pid to be passed, but got %s: %s", + error.name, error.message); +#endif + + dbus_error_free (&error); + } +} + + static void + test_canonical_path_uae (Fixture *f, + gconstpointer context) + { + DBusMessage *m = dbus_message_new_method_call (DBUS_SERVICE_DBUS, + DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS, "UpdateActivationEnvironment"); + DBusPendingCall *pc; + DBusMessageIter args_iter; + DBusMessageIter arr_iter; + + if (m == NULL) + g_error ("OOM"); + + dbus_message_iter_init_append (m, &args_iter); + + /* Append an empty a{ss} (string => string dictionary). */ + if (!dbus_message_iter_open_container (&args_iter, DBUS_TYPE_ARRAY, + "{ss}", &arr_iter) || + !dbus_message_iter_close_container (&args_iter, &arr_iter)) + g_error ("OOM"); + + if (!dbus_connection_send_with_reply (f->left_conn, m, &pc, + DBUS_TIMEOUT_USE_DEFAULT) || + pc == NULL) + g_error ("OOM"); + + dbus_message_unref (m); + m = NULL; + + if (dbus_pending_call_get_completed (pc)) + pending_call_store_reply (pc, &m); + else if (!dbus_pending_call_set_notify (pc, pending_call_store_reply, + &m, NULL)) + g_error ("OOM"); + + while (m == NULL) + test_main_context_iterate (f->ctx, TRUE); + + /* it succeeds */ + g_assert_cmpint (dbus_message_get_type (m), ==, + DBUS_MESSAGE_TYPE_METHOD_RETURN); + + dbus_message_unref (m); + + /* Now try with the wrong object path */ + m = dbus_message_new_method_call (DBUS_SERVICE_DBUS, + "/com/example/Wrong", DBUS_INTERFACE_DBUS, "UpdateActivationEnvironment"); + + if (m == NULL) + g_error ("OOM"); + + dbus_message_iter_init_append (m, &args_iter); + + /* Append an empty a{ss} (string => string dictionary). */ + if (!dbus_message_iter_open_container (&args_iter, DBUS_TYPE_ARRAY, + "{ss}", &arr_iter) || + !dbus_message_iter_close_container (&args_iter, &arr_iter)) + g_error ("OOM"); + + if (!dbus_connection_send_with_reply (f->left_conn, m, &pc, + DBUS_TIMEOUT_USE_DEFAULT) || + pc == NULL) + g_error ("OOM"); + + dbus_message_unref (m); + m = NULL; + + if (dbus_pending_call_get_completed (pc)) + pending_call_store_reply (pc, &m); + else if (!dbus_pending_call_set_notify (pc, pending_call_store_reply, + &m, NULL)) + g_error ("OOM"); + + while (m == NULL) + test_main_context_iterate (f->ctx, TRUE); + + /* it fails, yielding an error message with one string argument */ + g_assert_cmpint (dbus_message_get_type (m), ==, DBUS_MESSAGE_TYPE_ERROR); + g_assert_cmpstr (dbus_message_get_error_name (m), ==, + DBUS_ERROR_ACCESS_DENIED); + g_assert_cmpstr (dbus_message_get_signature (m), ==, "s"); + + dbus_message_unref (m); + } + static void teardown (Fixture *f, gconstpointer context G_GNUC_UNUSED) @@@ -694,12 -598,9 +779,14 @@@ main (int argc g_test_add ("/echo/session", Fixture, NULL, setup, test_echo, teardown); g_test_add ("/echo/limited", Fixture, &limited_config, setup, test_echo, teardown); + g_test_add ("/no-reply/disconnect", Fixture, NULL, + setup, test_no_reply, teardown); + g_test_add ("/no-reply/timeout", Fixture, &finite_timeout_config, + setup, test_no_reply, teardown); g_test_add ("/creds", Fixture, NULL, setup, test_creds, teardown); + g_test_add ("/processid", Fixture, NULL, setup, test_processid, teardown); + g_test_add ("/canonical-path/uae", Fixture, NULL, + setup, test_canonical_path_uae, teardown); return g_test_run (); }