Some distributions are known to have shipped dbus 1.15.x as though it
was a stable release, and it isn't clear whether they knew that we use
the odd/even versioning convention like GLib does.
If we add a -alpha, -beta, -rc suffix to development versions starting
from 1.17.0, then distros that know we use odd/even versioning will
know that our development versions are not a stable-branch, and so will
distros that mistakenly think we use the "semantic versioning"
versioning convention popularized by <https://semver.org/>.
(We intentionally do not use semver, because semver would require us to
ship a new minor version every time we add new API, and we do not have
the resources to provide security support for an unlimited number of
minor versions in parallel: we need to be able to nominate a subset of
our releases as having longer-term security support, in a way that signals
to distros that these are the releases they should prefer to ship.)
CMake's `project()` doesn't allow this version number format[1], but
we intend to use version numbers where the (major, minor, micro) tuple
is enough to uniquely identify a release, so we can just tell CMake our
version number without the suffix and there will be no ambiguity.
Similarly, the dash is not allowed in GNU ld version scripts, so use
the form of the version number without the suffix there.
[1] https://gitlab.kitware.com/cmake/cmake/-/issues/16716
Helps: dbus#530
Signed-off-by: Simon McVittie <smcv@collabora.com>
Solaris does not allow rmdir() to remove the cwd, so chdir() out of
the tempdir before removing it.
Without this fix, misc-internal reported a failure on Solaris 11.4:
not ok 16 - failed to remove test socket directory /tmp/dbus-test-tduvWc
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
check_valid_fd() does not touch its second parameter if the fd is not,
in fact, a valid fd. Initialize the "out" parameter to the opposite
of the value we are hoping for, so that both assertions will fail if
there is a problem.
Signed-off-by: Simon McVittie <smcv@collabora.com>
It's a wrapper around snprintf(), so we are not gaining any efficiency
versus _dbus_string_append_printf(), and might as well use the more
general function instead. Doing it this way might even be a little *more*
efficient, since it reduces reallocations; it's certainly more concise.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Previously, if dbus_connection_get_unix_user() succeeded but
_dbus_unix_groups_from_uid() failed, then bus_connection_get_unix_groups()
would incorrectly fail without setting the error indicator, resulting
in "(null)" being logged, which is rather unhelpful.
This also lets us distinguish between ENOMEM and other errors, such as
the uid not existing in the system's user database.
Fixes: 145fb99b (untitled refactoring commit, 2006-12-12)
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Signed-off-by: Simon McVittie <smcv@collabora.com>
The new socket option SO_PEERPIDFD allows to pin the process on the
other side of the socket by file descriptor, which closes a race
condition where a PID can be reused before we can pin it manually.
Available since Linux v6.5.
When storing credentials, pin the process by FD from the PID.
When querying the PID, if the PID FD is available, resolve
it from there first if possible.
Ensure the DBusCredentials object only returns the PID FD if it was
obtained by this call, so that we know for sure we can rely on it
being safe against PID reuse attacks.
Signed-off-by: Luca Boccassi <bluca@debian.org>
The full license texts are not added because they were already
added in a previous commit.
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
see #394
In some more complicated loops, we do need to use 'goto' to exit from
an inner loop, or to jump to cleanup or an increment of an iterator
immediately before the next loop iteration. However, in these simple
cases, jumping to a label immediately before the 'while' keyword is
unnecessary: we can use an equivalent 'continue' statement for flow
control.
This makes it easier for maintainers to notice the loops where we are
doing something more complicated, which still use 'goto', and know
that they need to pay more attention in those cases.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The TCL-derived code is under its own license, so the overall license
of the file is (AFL-2.1 OR GPL-2.0-or-later) AND TCL.
Signed-off-by: Simon McVittie <smcv@collabora.com>
I am trying to run cross-compiled tests in QEMU with the build directory
mounted via smbfs, and therefore creating the sockets in the CWD does not
work. Using DBUS_TEST_SOCKET_DIR (/tmp by default) allows me to run the
tests successfully.
To avoid that build break in test-marshall-recursive-util.c the newly
added function _dbus_string_append_buffer_as_hex() is used to print
the hex bytes.
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
To fix this problem, the problematic code was replaced by a new function
_dbus_string_get_allocated_size(), which uses the existing macro
DBUS_CONST_STRING_PREAMBLE for these purposes.
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
Part-of: https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/275
Reviewed-by: Simon McVittie <smcv@collabora.com>
Using PRId64, etc. to print dbus_int64_t or dbus_uint64_t is not 100%
portable. On platforms where both long and long long are 64-bit (such as
Linux and macOS), we will prefer to define dbus_int64_t as long.
If the operating system has chosen to define int64_t as long long,
which is apparently the case on macOS, then the compiler can warn that
we are passing a long argument to PRId64, which is "lld" and therefore
expects a long long argument (even though that ends up with the same
bit-pattern being used).
We can't necessarily just use int64_t and uint64_t directly, even if all
our supported platforms have them available now, because swapping
dbus_int64_t between long and long long might change C++ name mangling,
causing ABI breaks in third-party libraries if they define C++ functions
that take a dbus_int64_t argument.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Otherwise, Coverity will diagnose this as a resource leak,
because it doesn't understand that our assertions end up guaranteeing
that the result is freed if and only if it's non-`NULL`.
Coverity CID: 354884
Assertions can be disabled, but in test code the assertions are the
whole point, so use checks that can't be disabled instead.
Because there's a lot of test code, I haven't done this globally, only
in the tests that I recently converted from "embedded" to "modular".
Signed-off-by: Simon McVittie <smcv@collabora.com>
Assertions can be disabled; but in test code the assertions are the
entire point, so we don't want to disable them. Use _dbus_test_fatal()
instead.
test-service is actually a test helper rather than a test, so use its
pre-existing die() function instead.
Signed-off-by: Simon McVittie <smcv@collabora.com>
These previously relied on embedding test-specific code in libdbus,
but they actually only need public APIs, private interfaces that get
exported anyway for the benefit of dbus-daemon, and the TAP helpers;
so we can run them even in production builds.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This doesn't verify that they're atomic, but does verify that they
return the right things.
This commit adds a new test function _dbus_test_check (a) to make
writing tests easier. It checks the given boolean expression and
generates a "not ok" test result if the expression is false.
Due to the current design of the test api, the test is only compiled
if embedded tests were enabled at the time of configuration.
It was also necessary to move the test_atomic target definitions in
test/Makefile.am to the --enable-embedded-tests section to avoid a
make distcheck build error.
The test case itself has been authored by smcv.
Co-authored-by: Simon McVittie <smcv@collabora.com>
Instead of exposing _dbus_sha_test() as a private exported symbol,
we can expose _dbus_sha_compute(), which is the only thing called by
the test that isn't already exported.
Signed-off-by: Simon McVittie <smcv@collabora.com>
We don't actually complete successful authentication, because that
would require us to generate a cookie and compute the correct SHA1,
which is difficult to do in a deterministic authentication script.
However, we do assert that dbus#269 (CVE-2019-12749) has been fixed.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This requires exposing _dbus_connection_get_address() as an internal
symbol, but that seems worth it.
Signed-off-by: Simon McVittie <smcv@collabora.com>
dbus-marshal-recursive-util.c contains utility functions used by the
other two, as well as tests. The others are purely test code.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This required exposing one additional internal symbol:
_dbus_hash_table_ref(). I think that's a reasonable trade-off for not
compiling this test into the library.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This makes it easier for a developer to run just the fast parts while
debugging some issue reproduced by the faster tests.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Now that there is no code outside test/ that calls into this, we can
move it into test/, reducing the size of libdbus.
dbus-test-tap.[ch] still need to stay in dbus/ as long as there is
code in dbus/ or bus/ relying on them, and also need to be linked into
libdbus as long as there is other code in libdbus relying on them,
so they stay where they are for now. Similarly, dbus-tests.h lists
the tests that are still embedded in libdbus, and must stay where
it is for the moment.
With this move, various tests now need to be linked to the dbus-testutils
convenience library.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This groups them with the rest of the tests, and enables parts of
the test code to be unembedded from libdbus and moved to test/ too.
Rename the executable to test-misc-internals, not test-dbus. The name
test-dbus made some sense as "the executable that contains the code in
dbus/", but makes a lot less sense in test/: dbus is the name of the
entire project, so this test has no particular special claim to that
name. test-libdbus doesn't seem right either, because all the tests
exercise libdbus one way or another.
Signed-off-by: Simon McVittie <smcv@collabora.com>
