diff --git a/NEWS b/NEWS index 592515bc..807c09ce 100644 --- a/NEWS +++ b/NEWS @@ -35,6 +35,17 @@ Fixes: • in Unix with X11, avoid giving dbus-launch a misleading argv[0] in ps(1) (fd.o #69716, Chengwei Yang) +D-Bus 1.8.4 (2014-06-10) +== + +Security fix: + +• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service + flaw in dbus-daemon, part of the reference implementation of D-Bus. + Additionally, in highly unusual environments the same flaw could lead to + a side channel between processes that should not be able to communicate. + (CVE-2014-3477, fd.o #78979) + D-Bus 1.8.2 (2014-04-30) == diff --git a/bus/activation.c b/bus/activation.c index fa6c1568..149cca8a 100644 --- a/bus/activation.c +++ b/bus/activation.c @@ -1162,14 +1162,11 @@ bus_activation_service_created (BusActivation *activation, dbus_bool_t bus_activation_send_pending_auto_activation_messages (BusActivation *activation, BusService *service, - BusTransaction *transaction, - DBusError *error) + BusTransaction *transaction) { BusPendingActivation *pending_activation; DBusList *link; - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - /* Check if it's a pending activation */ pending_activation = _dbus_hash_table_lookup_string (activation->pending_activations, bus_service_get_name (service)); @@ -1186,6 +1183,9 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation if (entry->auto_activation && (entry->connection == NULL || dbus_connection_get_is_connected (entry->connection))) { DBusConnection *addressed_recipient; + DBusError error; + + dbus_error_init (&error); addressed_recipient = bus_service_get_primary_owners_connection (service); @@ -1193,8 +1193,22 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation if (!bus_dispatch_matches (transaction, entry->connection, addressed_recipient, - entry->activation_message, error)) - goto error; + entry->activation_message, &error)) + { + /* If permission is denied, we just want to return the error + * to the original method invoker; in particular, we don't + * want to make the RequestName call fail with that error + * (see fd.o #78979, CVE-2014-3477). */ + if (!bus_transaction_send_error_reply (transaction, entry->connection, + &error, entry->activation_message)) + { + bus_connection_send_oom_error (entry->connection, + entry->activation_message); + } + + link = next; + continue; + } } link = next; @@ -1203,7 +1217,6 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation if (!add_restore_pending_to_transaction (transaction, pending_activation)) { _dbus_verbose ("Could not add cancel hook to transaction to revert removing pending activation\n"); - BUS_SET_OOM (error); goto error; } diff --git a/bus/activation.h b/bus/activation.h index 97f25b1f..fc5d426f 100644 --- a/bus/activation.h +++ b/bus/activation.h @@ -62,8 +62,7 @@ dbus_bool_t dbus_activation_systemd_failure (BusActivation *activation, dbus_bool_t bus_activation_send_pending_auto_activation_messages (BusActivation *activation, BusService *service, - BusTransaction *transaction, - DBusError *error); + BusTransaction *transaction); #endif /* BUS_ACTIVATION_H */ diff --git a/bus/services.c b/bus/services.c index 01a720ed..584485b1 100644 --- a/bus/services.c +++ b/bus/services.c @@ -588,8 +588,9 @@ bus_registry_acquire_service (BusRegistry *registry, activation = bus_context_get_activation (registry->context); retval = bus_activation_send_pending_auto_activation_messages (activation, service, - transaction, - error); + transaction); + if (!retval) + BUS_SET_OOM (error); out: return retval; diff --git a/configure.ac b/configure.ac index 5fdc5662..b3d09e2e 100644 --- a/configure.ac +++ b/configure.ac @@ -38,7 +38,7 @@ LT_CURRENT=11 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=4 +LT_REVISION=5 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has