rpms / dbus-glib

Clone
Source Code
GIT

Blame 0001-CVE-2013-0292-dbus-gproxy-Verify-sender-of-NameOwner.patch

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main origin/f13/master rawhide
  1.   46ed238b46577198d664490240255fc8384cd8f3
  2.   0001-CVE-2013-0292-dbus-gproxy-Verify-sender-of-NameOwner.patch
Blob History Raw
Colin Walters 18f90aa 
From 166978a09cf5edff4028e670b6074215a4c75eca Mon Sep 17 00:00:00 2001
Colin Walters 18f90aa 
From: Colin Walters <walters@verbum.org>
Colin Walters 18f90aa 
Date: Thu, 14 Feb 2013 10:19:34 -0500
Colin Walters 18f90aa 
Subject: [PATCH] CVE-2013-0292: dbus-gproxy: Verify sender of NameOwnerChanged signals to be o.f.DBus
Colin Walters 18f90aa
Colin Walters 18f90aa 
Anyone can hop on the bus and emit a signal whose interface is
Colin Walters 18f90aa 
o.f.DBus; it's expected at the moments that clients (and notably DBus
Colin Walters 18f90aa 
libraries) check the sender.
Colin Walters 18f90aa
Colin Walters 18f90aa 
This could previously be used to trick a system service using dbus-glib
Colin Walters 18f90aa 
into thinking a malicious signal came from a privileged source, by
Colin Walters 18f90aa 
claiming that ownership of the privileged source's well-known name had
Colin Walters 18f90aa 
changed from the privileged source's real unique name to the attacker's
Colin Walters 18f90aa 
unique name.
Colin Walters 18f90aa
Colin Walters 18f90aa 
[altered to be NULL-safe so it won't crash on peer connections -smcv]
Colin Walters 18f90aa 
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Colin Walters 18f90aa 
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Colin Walters 18f90aa 
---
Colin Walters 18f90aa 
 dbus/dbus-gproxy.c |    7 ++++---
Colin Walters 18f90aa 
 1 files changed, 4 insertions(+), 3 deletions(-)
Colin Walters 18f90aa
Colin Walters 18f90aa 
diff --git a/dbus/dbus-gproxy.c b/dbus/dbus-gproxy.c
Colin Walters 18f90aa 
index 2fc52f9..c3ae9ec 100644
Colin Walters 18f90aa 
--- a/dbus/dbus-gproxy.c
Colin Walters 18f90aa 
+++ b/dbus/dbus-gproxy.c
Colin Walters 18f90aa 
@@ -1250,8 +1250,11 @@ dbus_g_proxy_manager_filter (DBusConnection    *connection,
Colin Walters 18f90aa 
       GSList *tmp;
Colin Walters 18f90aa 
       const char *sender;
Colin Walters 18f90aa
Colin Walters 18f90aa 
+      sender = dbus_message_get_sender (message);
Colin Walters 18f90aa 
+
Colin Walters 18f90aa 
       /* First we handle NameOwnerChanged internally */
Colin Walters 18f90aa 
-      if (dbus_message_is_signal (message,
Colin Walters 18f90aa 
+      if (g_strcmp0 (sender, DBUS_SERVICE_DBUS) == 0 &&
Colin Walters 18f90aa 
+	  dbus_message_is_signal (message,
Colin Walters 18f90aa 
 				  DBUS_INTERFACE_DBUS,
Colin Walters 18f90aa 
 				  "NameOwnerChanged"))
Colin Walters 18f90aa 
 	{
Colin Walters 18f90aa 
@@ -1280,8 +1283,6 @@ dbus_g_proxy_manager_filter (DBusConnection    *connection,
Colin Walters 18f90aa 
 	    }
Colin Walters 18f90aa 
 	}
Colin Walters 18f90aa
Colin Walters 18f90aa 
-      sender = dbus_message_get_sender (message);
Colin Walters 18f90aa 
-
Colin Walters 18f90aa 
       /* dbus spec requires these, libdbus validates */
Colin Walters 18f90aa 
       g_assert (dbus_message_get_path (message) != NULL);
Colin Walters 18f90aa 
       g_assert (dbus_message_get_interface (message) != NULL);
Colin Walters 18f90aa 
--
Colin Walters 18f90aa 
1.7.1
Colin Walters 18f90aa
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.