dbus/dbus
Simon McVittie 51a5bbf907 dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
When a D-Bus message includes attached file descriptors, the body of the
message contains unsigned 32-bit indexes pointing into an out-of-band
array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to
these indexes as "handles" for the associated fds (not to be confused
with a Windows HANDLE, which is a kernel object).

The assertion message removed by this commit is arguably correct up to
a point: fd-passing is only reasonable on a local machine, and no known
operating system allows processes of differing endianness even on a
multi-endian ARM or PowerPC CPU, so it makes little sense for the sender
to specify a byte-order that differs from the byte-order of the recipient.

However, this doesn't account for the fact that a malicious sender
doesn't have to restrict itself to only doing things that make sense.
On a system with untrusted local users, a message sender could crash
the system dbus-daemon (a denial of service) by sending a message in
the opposite endianness that contains handles to file descriptors.

Before this commit, if assertions are enabled, attempting to byteswap
a fd index would cleanly crash the message recipient with an assertion
failure. If assertions are disabled, attempting to byteswap a fd index
would silently do nothing without advancing the pointer p, causing the
message's type and the pointer into its contents to go out of sync, which
can result in a subsequent crash (the crash demonstrated by fuzzing was
a use-after-free, but other failure modes might be possible).

In principle we could resolve this by rejecting wrong-endianness messages
from a local sender, but it's actually simpler and less code to treat
wrong-endianness messages as valid and byteswap them.

Thanks: Evgeny Vereshchagin
Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds"
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
Resolves: CVE-2022-42012
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 236f16e444)
(cherry picked from commit 3fb065b075)
2022-10-05 10:47:05 +01:00
.gitignore Rename dbus-test to test-dbus to match common test application naming scheme. 2014-01-17 16:17:02 +00:00
dbus-address.c Fix warnings from compiler option '-Wshadow' 2016-10-10 18:04:09 +01:00
dbus-address.h Implement dbus_clear_connection(), etc. 2017-07-30 08:48:43 +01:00
dbus-arch-deps.h.in Remove support for platforms with no 64-bit integer type 2013-09-16 15:31:02 +01:00
dbus-asv-util.c asv-util: Expose functions to open an arbitrary entry 2017-06-08 16:59:46 +01:00
dbus-asv-util.h asv-util: Expose functions to open an arbitrary entry 2017-06-08 16:59:46 +01:00
dbus-auth-script.c test: Add basic test coverage for DBUS_COOKIE_SHA1 2019-06-09 13:08:49 +01:00
dbus-auth-script.h Consistently include <config.h> in all C source files and never in header files. 2010-03-19 20:11:48 +01:00
dbus-auth-util.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
dbus-auth.c auth: Reject DBUS_COOKIE_SHA1 for users other than the server owner 2019-06-09 13:08:12 +01:00
dbus-auth.h On bus startup check given auth in config file against supported mechanisms. 2017-02-02 11:28:35 +01:00
dbus-bus.c Refer to dbus_try_get_local_machine_id() in doc-comments 2017-06-08 18:34:40 +01:00
dbus-bus.h Decorated public exported functions with DBUS_EXPORT macro, reviewed by Colin Walters. 2010-03-16 09:33:39 +01:00
dbus-connection-internal.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-connection.c DBusPendingCall: Only update ->completed under the connection lock 2018-02-06 19:14:27 +00:00
dbus-connection.h Implement dbus_clear_connection(), etc. 2017-07-30 08:48:43 +01:00
dbus-credentials-util.c Remove some redundant inclusions 2015-02-20 20:49:01 +00:00
dbus-credentials.c Move defaults for some switches into a default case 2017-01-17 17:20:53 +00:00
dbus-credentials.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-dataslot.c Remove trailing newlines from _dbus_assert_not_reached 2016-08-12 17:11:48 +01:00
dbus-dataslot.h Replace individual global-lock variables with an array of DBusRMutex * 2013-06-17 16:53:51 +01:00
dbus-errors.c _dbus_set_error_valist: add 2015-02-03 16:19:20 +00:00
dbus-errors.h Add missing format attributes suggested by -Wsuggest-attribute=format 2016-10-13 22:44:13 +01:00
dbus-file-unix.c Fail to generate random bytes instead of falling back to rand() 2015-05-14 14:30:30 +01:00
dbus-file-win.c dbus-file-win: print a HANDLE correctly 2016-10-13 22:44:12 +01:00
dbus-file.c moved out dbus file related functions from sysdeps into separate files - tested on windows 2009-12-20 11:24:32 +01:00
dbus-file.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-hash.c dbus-hash: Fix memory leaks in internal hash table tests 2017-02-16 14:17:04 +00:00
dbus-hash.h Implement dbus_clear_connection(), etc. 2017-07-30 08:48:43 +01:00
dbus-init-win.cpp dbus_threads_init_default, dbus_threads_init: be safe to call at any time 2013-05-10 11:35:08 +01:00
dbus-internals.c internals: Decouple logging an error from exiting unsuccessfully 2017-07-05 13:12:37 +01:00
dbus-internals.h internals: Use Standard C offsetof macro if available 2021-12-17 12:57:42 +00:00
dbus-keyring.c Merge branch 'dbus-1.10' 2017-02-16 15:59:37 +00:00
dbus-keyring.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
dbus-list.c dbus-list: Add some missing OOM paths to an internal test 2017-02-13 16:05:57 +00:00
dbus-list.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-macros.h Implement dbus_clear_connection(), etc. 2017-07-30 08:48:43 +01:00
dbus-mainloop.c DBusMainLoop: ensure all required timeouts are restarted 2017-07-20 20:35:04 +01:00
dbus-mainloop.h Revert all changes since a36d4918a6 2012-01-04 17:44:23 +00:00
dbus-marshal-basic.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
dbus-marshal-basic.h Partially fix warnings from compiler option '-Wredundant-decls' 2016-10-10 15:11:03 +01:00
dbus-marshal-byteswap-util.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
dbus-marshal-byteswap.c dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed 2022-10-05 10:47:05 +01:00
dbus-marshal-byteswap.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-marshal-header.c Fix warning: "pointer targets in assignment differ in signedness [-Wpointer-sign]". 2015-11-24 12:26:00 +01:00
dbus-marshal-header.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-marshal-recursive-util.c test, tools: assert impossible values of local enums are not reached 2017-04-07 12:07:01 +01:00
dbus-marshal-recursive.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
dbus-marshal-recursive.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-marshal-validate-util.c _dbus_marshal_validate_test: Uncomment commented-out test coverage 2017-07-05 13:13:01 +01:00
dbus-marshal-validate.c dbus-marshal-validate: Validate length of arrays of fixed-length items 2022-10-05 10:46:15 +01:00
dbus-marshal-validate.h Remove now-unused _dbus_validate_signature() 2017-07-04 17:07:32 +01:00
dbus-memory.c Move defaults for some switches into a default case 2017-01-17 17:20:53 +00:00
dbus-memory.h Do not apply __attribute__((__malloc__)) to dbus_realloc() 2018-08-30 17:34:25 +01:00
dbus-mempool.c Fix incorrect sizeof in a Valgrind hint macro call. 2013-09-16 13:07:41 +01:00
dbus-mempool.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-message-factory.c dbus-message-factory: Add some missing OOM paths to an internal test 2017-02-13 16:06:33 +00:00
dbus-message-factory.h tests to embedded tests: replaced in libdbus 2013-06-28 12:15:53 +01:00
dbus-message-internal.h Implement dbus_clear_connection(), etc. 2017-07-30 08:48:43 +01:00
dbus-message-private.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-message-util.c policy: Add max_fds, min_fds qualifiers for send, receive rules 2017-07-28 11:36:51 +01:00
dbus-message.c dbus_message_demarshal: Set error if we can't allocate the loader 2022-10-05 10:46:55 +01:00
dbus-message.h Implement dbus_clear_connection(), etc. 2017-07-30 08:48:43 +01:00
dbus-misc.c Add dbus_try_get_local_machine_id() 2017-06-08 18:31:10 +01:00
dbus-misc.h Add dbus_try_get_local_machine_id() 2017-06-08 18:31:10 +01:00
dbus-nonce.c nonce: Don't try to rmdir(NULL) on OOM 2018-08-02 17:16:04 +01:00
dbus-nonce.h Convert miscellaneous socket APIs to DBusSocket 2015-05-12 18:35:38 +01:00
dbus-object-tree.c dbus-object-tree test: tolerate OOM in run_decompose_tests() 2017-02-14 08:53:12 +00:00
dbus-object-tree.h Revert all changes since a36d4918a6 2012-01-04 17:44:23 +00:00
dbus-pending-call-internal.h DBusPendingCall: Only update ->completed under the connection lock 2018-02-06 19:14:27 +00:00
dbus-pending-call.c DBusPendingCall: Improve doc-comments around completed flag 2018-02-06 19:14:27 +00:00
dbus-pending-call.h Implement dbus_clear_connection(), etc. 2017-07-30 08:48:43 +01:00
dbus-pipe-unix.c Make dbus-daemon.exe --print-address work under Windows 2012-02-28 12:37:41 +00:00
dbus-pipe-win.c Make dbus-daemon.exe --print-address work under Windows 2012-02-28 12:37:41 +00:00
dbus-pipe.c Make dbus-daemon.exe --print-address work under Windows 2012-02-28 12:37:41 +00:00
dbus-pipe.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-protocol.h Revert "Add DBus method to return the AA context of a connection" 2015-02-18 20:57:08 +00:00
dbus-resources.c DBusCounter: add a mutex to protect the refcount and notify function 2015-05-05 12:30:30 +01:00
dbus-resources.h Revert all changes since a36d4918a6 2012-01-04 17:44:23 +00:00
dbus-server-debug-pipe.c _dbus_server_init_base: raise a DBusError 2015-05-14 14:30:30 +01:00
dbus-server-debug-pipe.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
dbus-server-launchd.c _dbus_server_new_for_socket: raise a DBusError 2015-05-14 14:30:30 +01:00
dbus-server-launchd.h Add launchd implementation. 2010-12-06 21:33:06 +01:00
dbus-server-protected.h _dbus_server_new_for_socket: Properly disconnect during error unwinding 2017-11-24 13:16:30 +00:00
dbus-server-socket.c _dbus_server_new_for_socket: Iterate over arrays as intended 2017-11-27 19:48:36 +00:00
dbus-server-socket.h _dbus_server_new_for_socket: raise a DBusError 2015-05-14 14:30:30 +01:00
dbus-server-unix.c dbus-server-socket: Make unix:tmpdir equivalent to unix:dir 2022-10-02 15:05:35 +01:00
dbus-server-unix.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
dbus-server-win.c Remove duplicate nonce-tcp (service-side) transport on Windows 2012-06-05 12:18:23 +01:00
dbus-server-win.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
dbus-server.c dbus_server_listen: Don't leak first_connect_error 2018-08-02 17:13:02 +01:00
dbus-server.h Implement dbus_clear_connection(), etc. 2017-07-30 08:48:43 +01:00
dbus-sha.c test, tools: assert impossible values of local enums are not reached 2017-04-07 12:07:01 +01:00
dbus-sha.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
dbus-shared.h Add org.freedesktop.DBus.Verbose interface to dbus-daemon when compiled with DBUS_ENABLE_VERBOSE_MODE. 2015-02-13 11:20:21 +01:00
dbus-shell.c Fix misleading indentation to avoid respective compiler warning 2016-08-11 16:41:14 +01:00
dbus-shell.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
dbus-signature.c dbus_signature_validate: be sure to use a literal format string 2016-10-13 22:44:12 +01:00
dbus-signature.h Revert all changes since a36d4918a6 2012-01-04 17:44:23 +00:00
dbus-socket-set-epoll.c dbus-socket-set-epoll: initialize all bytes of struct epoll_event 2017-02-22 11:06:22 +00:00
dbus-socket-set-poll.c Convert mostly DBUS_SOCKET_... and DBUS_POLLABLE_.. macros for more type safety. 2015-05-12 18:36:24 +01:00
dbus-socket-set.c Add an implementation of DBusSocketSet using epoll 2011-06-13 17:30:40 +01:00
dbus-socket-set.h DBusMainLoop, DBusSocketSet: work in terms of DBusPollable 2015-05-12 18:34:32 +01:00
dbus-sockets-win.h Mostly remove the remnants of an older socket abstraction layer 2015-05-12 18:34:24 +01:00
dbus-spawn-test.c Pass in DBUS_TEST_EXEC via environment, not hard-coded into binaries 2017-04-18 17:20:30 +01:00
dbus-spawn-win.c Be more const-correct 2016-10-13 17:20:28 +01:00
dbus-spawn.c spawn-unix: Don't log an error if unable to reset Linux OOM score 2022-02-25 14:57:18 +00:00
dbus-spawn.h Be more const-correct 2016-10-13 17:20:28 +01:00
dbus-string-private.h Revert all changes since a36d4918a6 2012-01-04 17:44:23 +00:00
dbus-string-util.c Remove trailing newlines from _dbus_assert_not_reached 2016-08-12 17:11:48 +01:00
dbus-string.c _dbus_string_append_printf_valist: avoid leaking copy of varargs 2015-01-29 12:09:40 +00:00
dbus-string.h Add missing format attributes suggested by -Wsuggest-attribute=format 2016-10-13 22:44:13 +01:00
dbus-syntax.c Doc: fix incorrect param names, missing params, non-exist params 2013-08-22 20:01:08 +01:00
dbus-syntax.h Add dbus-syntax.[ch] 2012-02-24 12:43:55 +00:00
dbus-sysdeps-pthread.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
dbus-sysdeps-thread-win.c Fix compiling on windows/mingw with automake build system. 2016-05-16 14:11:24 +02:00
dbus-sysdeps-unix.c disable fork-malloc-exec for non-glibc-systems 2021-12-17 12:55:33 +00:00
dbus-sysdeps-unix.h sysdeps-unix: Factor out _dbus_reset_oom_score_adj 2022-02-25 14:57:18 +00:00
dbus-sysdeps-util-unix.c sysdeps-unix: Diagnose failure to open /proc/self/oom_score_adj 2022-02-25 14:57:18 +00:00
dbus-sysdeps-util-win.c test: Add basic test coverage for DBUS_COOKIE_SHA1 2019-06-09 13:08:49 +01:00
dbus-sysdeps-util.c Clean up how we arrange for environ to be declared 2016-10-13 17:20:34 +01:00
dbus-sysdeps-win.c sysdeps-win: Print word-size-dependent offset correctly 2018-10-04 16:54:10 +01:00
dbus-sysdeps-win.h Partially fix warnings from compiler option '-Wredundant-decls' 2016-10-10 15:11:03 +01:00
dbus-sysdeps-wince-glue.c Doc: fix incorrect param names, missing params, non-exist params 2013-08-22 20:01:08 +01:00
dbus-sysdeps-wince-glue.h Wrap OutputDebugString for Windows CE builds, and add cast for MSVC. 2010-07-19 10:32:08 +02:00
dbus-sysdeps.c Move defaults for some switches into a default case 2017-01-17 17:20:53 +00:00
dbus-sysdeps.h test: Add basic test coverage for DBUS_COOKIE_SHA1 2019-06-09 13:08:49 +01:00
dbus-test-main.c Include string.h for strcmp() 2016-10-10 15:09:36 +01:00
dbus-test.c Add missing function attributes suggested by clang (but not by gcc) 2016-10-13 22:44:13 +01:00
dbus-test.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-threads-internal.h Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests 2015-02-20 20:49:36 +00:00
dbus-threads.c Revert "Add a statically-initialized implementation of _dbus_lock() on glibc systems" 2013-08-30 17:31:16 +01:00
dbus-threads.h Allow both recursive and non-recursive mutexes to be supplied 2012-02-21 14:41:28 +00:00
dbus-timeout.c bus: Fix timeout restarts 2017-02-01 10:42:50 +00:00
dbus-timeout.h bus: Fix timeout restarts 2017-02-01 10:42:50 +00:00
dbus-transport-protected.h generic socket transport code: work in terms of DBusSocket 2015-05-12 18:35:24 +01:00
dbus-transport-socket.c dbus-transport-socket: Correctly print DBusSocket with DBUS_SOCKET_FORMAT 2018-10-04 11:19:21 +01:00
dbus-transport-socket.h generic socket transport code: work in terms of DBusSocket 2015-05-12 18:35:24 +01:00
dbus-transport-unix.c Turn DBusSocket into a type-safe struct, preventing inappropriate conversion 2015-05-12 18:35:56 +01:00
dbus-transport-unix.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
dbus-transport-win.c Remove duplicate nonce-tcp (client side) transport on Windows 2012-06-05 12:17:58 +01:00
dbus-transport-win.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
dbus-transport.c transport: Don't pile up errors for semicolon-separated components 2017-06-27 19:13:40 +01:00
dbus-transport.h generic socket transport code: work in terms of DBusSocket 2015-05-12 18:35:24 +01:00
dbus-types.h Remove support for platforms with no 64-bit integer type 2013-09-16 15:31:02 +01:00
dbus-userdb-util.c userdb: Reference-count DBusUserInfo, DBusGroupInfo 2020-07-02 10:08:49 +01:00
dbus-userdb.c userdb: Reference-count DBusUserInfo, DBusGroupInfo 2020-07-02 10:08:49 +01:00
dbus-userdb.h userdb: Reference-count DBusUserInfo, DBusGroupInfo 2020-07-02 10:08:49 +01:00
dbus-uuidgen.c Make UUID generation failable 2015-05-14 14:30:30 +01:00
dbus-uuidgen.h uuidgen: Remove unimplemented declaration 2017-06-08 17:32:59 +01:00
dbus-valgrind-internal.h Fix building with newer Valgrind 2012-11-09 14:04:27 +00:00
dbus-watch.c Fix warnings from compiler option '-Wshadow' 2016-10-10 18:04:09 +01:00
dbus-watch.h DBusMainLoop, DBusSocketSet: work in terms of DBusPollable 2015-05-12 18:34:32 +01:00
dbus.h CONTRIBUTING: Reformat as Markdown 2018-12-04 11:13:44 +00:00
Makefile.am Adapt to API change in AX_CODE_COVERAGE version 28 2019-04-17 10:19:57 +01:00
Version.in Link dbus-daemon and dbus-daemon-launch-helper against libdbus 2015-02-20 20:49:45 +00:00
versioninfo.rc.in Update versioninfo.rc.in 2017-10-18 19:19:50 +02:00