tests: Add a test for signal filtering by well-known name

The vulnerability reported as GNOME/glib#3268 can be characterized as: these signals from an attacker should not be delivered to either the GDBusConnection or the GDBusProxy, but in fact they are (in at least some scenarios). Reproduces: https://gitlab.gnome.org/GNOME/glib/-/issues/3268 Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-11-10 03:16:17 +01:00 · 2024-03-08 19:53:22 +00:00 · 2024-03-08 19:53:22 +00:00 · f6d1b5471a
commit f6d1b5471a
parent fc0ee92072
1 changed files with 27 additions and 0 deletions
--- a/gio/tests/gdbus-subscribe.c
+++ b/gio/tests/gdbus-subscribe.c
@ -440,6 +440,33 @@ static const TestPlan plan_limit_by_well_known_name =
        .iface = EXAMPLE_INTERFACE,
      },
    },
+    {
+      /* Attacker wants to trick subscriber into thinking that service
+       * sent a signal */
+      .action = TEST_ACTION_EMIT_SIGNAL,
+      .u.signal = {
+        .sender = TEST_CONN_ATTACKER,
+        .path = EXAMPLE_PATH,
+        .iface = EXAMPLE_INTERFACE,
+        .member = FOO_SIGNAL,
+        .received_by_conn = 0,
+        .received_by_proxy = 0
+      },
+    },
+    {
+      /* Attacker tries harder, by sending a signal unicast directly to
+       * the subscriber */
+      .action = TEST_ACTION_EMIT_SIGNAL,
+      .u.signal = {
+        .sender = TEST_CONN_ATTACKER,
+        .unicast_to = TEST_CONN_SUBSCRIBER,
+        .path = EXAMPLE_PATH,
+        .iface = EXAMPLE_INTERFACE,
+        .member = FOO_SIGNAL,
+        .received_by_conn = 0,
+        .received_by_proxy = 0
+      },
+    },
    {
      /* When the service sends a signal with the name it already owns,
       * it should get through */