From 8a98ef62b093b2847b91e9bfe5ca16c0724c8ed5 Mon Sep 17 00:00:00 2001 From: cptpcrd Date: Sun, 30 Jul 2023 18:38:22 -0400 Subject: [PATCH 1/3] dbus-sysdeps-unix: Handle empty supplementary group list It is valid for getsockopt(SO_PEERGROUPS) to return len=0; that indicates the process has no supplementary groups. Rather than failing, simply use the returned empty list (and add the primary GID to it). Without this change, calling GetConnectionCredentials on a bus name owned by a process with no supplementary groups does not return the UnixGroupIDs field, even though it is easy to determine that the process only has one GID (the primary GID). (cherry picked from commit f8a7bffd5e4de4b5d580af0f3888540da31afa86) --- dbus/dbus-sysdeps-unix.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 6b32df66..2ce425d0 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -1977,13 +1977,6 @@ add_groups_to_credentials (int client_fd, _dbus_verbose ("will try again with %lu\n", (unsigned long) len); } - if (len <= 0) - { - _dbus_verbose ("getsockopt(SO_PEERGROUPS) yielded <= 0 bytes: %ld\n", - (long) len); - goto out; - } - if (len > n_gids * sizeof (gid_t)) { _dbus_verbose ("%lu > %zu", (unsigned long) len, n_gids * sizeof (gid_t)); From fa7eaefe7c5acf0110431e43dc6980e8f0e9ae04 Mon Sep 17 00:00:00 2001 From: cptpcrd Date: Mon, 31 Jul 2023 19:33:33 -0400 Subject: [PATCH 2/3] dbus-sysdeps-unix: Check socklen_t is unsigned when getting group list After the change to handle an empty list properly, the function now assumes that is true. (cherry picked from commit 49dd4aba42280c438b1207963f7071bfd7707775) --- dbus/dbus-sysdeps-unix.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 2ce425d0..099637cb 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -1932,6 +1932,8 @@ add_groups_to_credentials (int client_fd, { #if defined(__linux__) && defined(SO_PEERGROUPS) _DBUS_STATIC_ASSERT (sizeof (gid_t) <= sizeof (dbus_gid_t)); + /* This function assumes socklen_t is unsigned, which is true on Linux */ + _DBUS_STATIC_ASSERT (((socklen_t) -1) > 0); gid_t *buf = NULL; socklen_t len = 1024; dbus_bool_t oom = FALSE; From 43ffc79df852d5cc15ca03c427a79d5c5cb4af72 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 16 Aug 2023 11:31:27 +0100 Subject: [PATCH 3/3] Update NEWS Signed-off-by: Simon McVittie --- NEWS | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 50fe61e0..f21b5b0c 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,11 @@ dbus 1.14.10 (UNRELEASED) ========================= -... +Bug fixes: + +• Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs + field for processes with a valid-but-empty supplementary group list + (dbus!422, cptpcrd) dbus 1.14.8 (2023-06-06) ========================