luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-02-22 18:22:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

gdbusconnection: Allow name owners to have the syntax of a well-known name

Browse Source 
In a D-Bus-Specification-compliant message bus, the owner of a well-known
name is a unique name. However, ibus has its own small implementation
of a message bus (src/ibusbus.c) in which org.freedesktop.IBus is
special-cased to also have itself as its owner (like org.freedesktop.DBus
on a standard message bus), and connects to that bus with the
G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION flag. The ability to do
this regressed when CVE-2024-34397 was fixed.

Relax the checks to allow the owner of a well-known name to be any valid
D-Bus name, even if it is not syntactically a unique name.

Fixes: 683b14b9 "gdbus: Track name owners for signal subscriptions"
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3353
Bug-Debian: https://bugs.debian.org/1070730
Bug-Debian: https://bugs.debian.org/1070736
Bug-Debian: https://bugs.debian.org/1070743
Bug-Debian: https://bugs.debian.org/1070745
Signed-off-by: Simon McVittie <smcv@debian.org>
(cherry picked from commit 7d65f6c5a20f67aa9a857d0f7b0bf5de4d75be9b)
This commit is contained in:
Simon McVittie 2024-05-08 14:46:08 +00:00 committed by Simon McVittie
parent 37877d371b
commit d86ea4706d
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
gio/gdbusconnection.c
View File

@ -2400,7 +2400,10 @@ name_watcher_deliver_name_owner_changed_unlocked (SignalData *name_watcher,
/* Our caller already checked this */ /* Our caller already checked this */
g_assert (g_strcmp0 (name_watcher->arg0, name) == 0); g_assert (g_strcmp0 (name_watcher->arg0, name) == 0);
if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_unique_name (new_owner))) /* FIXME: This should be validating that `new_owner` is a unique name,
* but IBus implementation of a message bus is not compliant with the spec.
* See https://gitlab.gnome.org/GNOME/glib/-/issues/3353 */
if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_name (new_owner)))
name_watcher_set_name_owner_unlocked (name_watcher, new_owner); name_watcher_set_name_owner_unlocked (name_watcher, new_owner);
else else
g_warning ("Received NameOwnerChanged signal with invalid owner \"%s\" for \"%s\"", g_warning ("Received NameOwnerChanged signal with invalid owner \"%s\" for \"%s\"",
@ -2452,7 +2455,10 @@ name_watcher_deliver_get_name_owner_reply_unlocked (SignalData *name_watcher,
g_variant_get (body, "(&s)", &new_owner); g_variant_get (body, "(&s)", &new_owner);
if (G_LIKELY (g_dbus_is_unique_name (new_owner))) /* FIXME: This should be validating that `new_owner` is a unique name,
* but IBus implementation of a message bus is not compliant with the spec.
* See https://gitlab.gnome.org/GNOME/glib/-/issues/3353 */
if (G_LIKELY (g_dbus_is_name (new_owner)))
name_watcher_set_name_owner_unlocked (name_watcher, new_owner); name_watcher_set_name_owner_unlocked (name_watcher, new_owner);
else else
g_warning ("Received GetNameOwner reply with invalid owner \"%s\" for \"%s\"", g_warning ("Received GetNameOwner reply with invalid owner \"%s\" for \"%s\"",