luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-03-30 20:33:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

gdbusprivate: Validate machine ID after loading it

Browse Source 
It’s unlikely that the machine ID will be invalid (it’s system
configuration), but it would be helpful to not propagate invalid IDs
further, since a lot of things rely on it.

It’s not easy to test this (it requires factoring out the code so it can
be used from a test program, or allowing it to load a machine ID from a
custom path), so I haven’t added unit tests. I’ve tested manually by
overriding the loaded machine ID.

Coverity CID: #1430944

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This commit is contained in:
Philip Withnall 2021-02-24 11:49:47 +00:00
parent ea19358039
commit daa62a35e1
1 changed files with 33 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
gio/gdbusprivate.c
View File

@ -2472,6 +2472,8 @@ _g_dbus_get_machine_id (GError **error)
#else #else
gchar *ret = NULL; gchar *ret = NULL;
GError *first_error = NULL; GError *first_error = NULL;
gsize i;
gboolean non_zero = FALSE;
/* TODO: use PACKAGE_LOCALSTATEDIR ? */ /* TODO: use PACKAGE_LOCALSTATEDIR ? */
if (!g_file_get_contents ("/var/lib/dbus/machine-id", if (!g_file_get_contents ("/var/lib/dbus/machine-id",
@ -2483,17 +2485,41 @@ _g_dbus_get_machine_id (GError **error)
NULL, NULL,
NULL)) NULL))
{ {
g_propagate_prefixed_error (error, first_error, g_propagate_prefixed_error (error, g_steal_pointer (&first_error),
_("Unable to load /var/lib/dbus/machine-id or /etc/machine-id: ")); _("Unable to load /var/lib/dbus/machine-id or /etc/machine-id: "));
return NULL;
} }
else
/* ignore the error from the first try, if any */
g_clear_error (&first_error);
/* Validate the machine ID. From `man 5 machine-id`:
* > The machine ID is a single newline-terminated, hexadecimal, 32-character,
* > lowercase ID. When decoded from hexadecimal, this corresponds to a
* > 16-byte/128-bit value. This ID may not be all zeros.
*/
for (i = 0; ret[i] != '\0' && ret[i] != '\n'; i++)
{ {
/* ignore the error from the first try, if any */ /* Break early if its invalid. */
g_clear_error (&first_error); if (!g_ascii_isxdigit (ret[i]) || g_ascii_isupper (ret[i]))
/* TODO: validate value */ break;
g_strstrip (ret);
if (ret[i] != '0')
non_zero = TRUE;
} }
return ret;
if (i != 32 || ret[i] != '\n' || ret[i + 1] != '\0' || !non_zero)
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Invalid machine ID in /var/lib/dbus/machine-id or /etc/machine-id");
g_free (ret);
return NULL;
}
/* Strip trailing newline. */
ret[32] = '\0';
return g_steal_pointer (&ret);
#endif #endif
} }