From bfe57d20e9d39d52428e95e493d9af0bd034a82f Mon Sep 17 00:00:00 2001
From: fujiwarat <takao.fujiwara1@gmail.com>
Date: Mon, 15 Jan 2018 14:44:07 +0900
Subject: [PATCH] Added DBus filtering against malware

The proposal prevents non-ower of the GDBusConnection from accessing
DBus methods against malicious usages.

BUG=https://github.com/ibus/ibus/issues/1955

Review URL: https://codereview.appspot.com/335380043
---
 bus/inputcontext.c     | 24 +++++++++++++++++++++++-
 src/ibusengine.c       | 18 +++++++++++++++++-
 src/ibuspanelservice.c | 14 +++++++++++++-
 3 files changed, 53 insertions(+), 3 deletions(-)

diff --git a/bus/inputcontext.c b/bus/inputcontext.c
index d8be9e3f..4f2ecafc 100644
--- a/bus/inputcontext.c
+++ b/bus/inputcontext.c
@@ -2,7 +2,7 @@
 /* vim:set et sts=4: */
 /* ibus - The Input Bus
  * Copyright (C) 2008-2014 Peng Huang <shawn.p.huang@gmail.com>
- * Copyright (C) 2015-2017 Takao Fujiwara <takao.fujiwara1@gmail.com>
+ * Copyright (C) 2015-2018 Takao Fujiwara <takao.fujiwara1@gmail.com>
  * Copyright (C) 2008-2016 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
@@ -1148,6 +1148,20 @@ _ic_set_surrounding_text (BusInputContext       *context,
     g_dbus_method_invocation_return_value (invocation, NULL);
 }
 
+/*
+ * Since IBusService is inherited by IBusImpl, this method cannot be
+ * applied to IBusServiceClass.method_call() directly but can be in
+ * each child class.method_call().
+ */
+static gboolean
+bus_input_context_service_authorized_method (IBusService     *service,
+                                             GDBusConnection *connection)
+{
+    if (ibus_service_get_connection (service) == connection)
+        return TRUE;
+    return FALSE;
+}
+
 /**
  * bus_input_context_service_method_call:
  *
@@ -1197,6 +1211,10 @@ bus_input_context_service_method_call (IBusService            *service,
     };
 
     gint i;
+
+    if (!bus_input_context_service_authorized_method (service, connection))
+        return;
+
     for (i = 0; i < G_N_ELEMENTS (methods); i++) {
         if (g_strcmp0 (method_name, methods[i].method_name) == 0) {
             methods[i].method_callback ((BusInputContext *)service, parameters, invocation);
@@ -1270,6 +1288,9 @@ bus_input_context_service_set_property (IBusService     *service,
                                   error);
     }
 
+    if (!bus_input_context_service_authorized_method (service, connection))
+        return FALSE;
+
     if (g_strcmp0 (property_name, "ContentType") == 0) {
         BusInputContext *context = (BusInputContext *) service;
         _ic_set_content_type (context, value);
@@ -1279,6 +1300,7 @@ bus_input_context_service_set_property (IBusService     *service,
     g_return_val_if_reached (FALSE);
 }
 
+
 gboolean
 bus_input_context_has_focus (BusInputContext *context)
 {
diff --git a/src/ibusengine.c b/src/ibusengine.c
index b2a8022a..da648d11 100644
--- a/src/ibusengine.c
+++ b/src/ibusengine.c
@@ -2,7 +2,8 @@
 /* vim:set et sts=4: */
 /* ibus - The Input Bus
  * Copyright (C) 2008-2013 Peng Huang <shawn.p.huang@gmail.com>
- * Copyright (C) 2008-2013 Red Hat, Inc.
+ * Copyright (C) 2018 Takao Fujiwara <takao.fujiwara1@gmail.com>
+ * Copyright (C) 2008-2018 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -851,6 +852,15 @@ ibus_engine_get_property (IBusEngine *engine,
     }
 }
 
+static gboolean
+ibus_engine_service_authorized_method (IBusService     *service,
+                                       GDBusConnection *connection)
+{
+    if (ibus_service_get_connection (service) == connection)
+        return TRUE;
+    return FALSE;
+}
+
 static void
 ibus_engine_service_method_call (IBusService           *service,
                                  GDBusConnection       *connection,
@@ -876,6 +886,9 @@ ibus_engine_service_method_call (IBusService           *service,
         return;
     }
 
+    if (!ibus_engine_service_authorized_method (service, connection))
+        return;
+
     if (g_strcmp0 (method_name, "ProcessKeyEvent") == 0) {
         guint keyval, keycode, state;
         gboolean retval = FALSE;
@@ -1085,6 +1098,9 @@ ibus_engine_service_set_property (IBusService        *service,
                                   error);
     }
 
+    if (!ibus_engine_service_authorized_method (service, connection))
+        return FALSE;
+
     if (g_strcmp0 (property_name, "ContentType") == 0) {
         guint purpose = 0;
         guint hints = 0;
diff --git a/src/ibuspanelservice.c b/src/ibuspanelservice.c
index 468aa324..33949fa1 100644
--- a/src/ibuspanelservice.c
+++ b/src/ibuspanelservice.c
@@ -3,7 +3,7 @@
 /* ibus - The Input Bus
  * Copyright (c) 2009-2014 Google Inc. All rights reserved.
  * Copyright (C) 2010-2014 Peng Huang <shawn.p.huang@gmail.com>
- * Copyright (C) 2017 Takao Fujiwara <takao.fujiwara1@gmail.com>
+ * Copyright (C) 2017-2018 Takao Fujiwara <takao.fujiwara1@gmail.com>
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -936,6 +936,15 @@ _g_object_unref_if_floating (gpointer instance)
         g_object_unref (instance);
 }
 
+static gboolean
+ibus_panel_service_service_authorized_method (IBusService     *service,
+                                              GDBusConnection *connection)
+{
+    if (ibus_service_get_connection (service) == connection)
+        return TRUE;
+    return FALSE;
+}
+
 static void
 ibus_panel_service_service_method_call (IBusService           *service,
                                         GDBusConnection       *connection,
@@ -961,6 +970,9 @@ ibus_panel_service_service_method_call (IBusService           *service,
         return;
     }
 
+    if (!ibus_panel_service_service_authorized_method (service, connection))
+        return;
+
     if (g_strcmp0 (method_name, "UpdatePreeditText") == 0) {
         GVariant *variant = NULL;
         guint cursor = 0;
-- 
2.14.3