/[packages]/updates/1/dbus-glib/current/SOURCES/dbus-glib-CVE-2013-0292.patch
ViewVC logotype

Annotation of /updates/1/dbus-glib/current/SOURCES/dbus-glib-CVE-2013-0292.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 398679 - (hide annotations) (download)
Sat Feb 16 17:18:45 2013 UTC (8 years, 7 months ago) by luigiwalser
File size: 1829 byte(s)
add upstream patch to fix CVE-2013-0292
1 luigiwalser 398679 From 166978a09cf5edff4028e670b6074215a4c75eca Mon Sep 17 00:00:00 2001
2     From: Colin Walters <walters@verbum.org>
3     Date: Thu, 14 Feb 2013 15:19:34 +0000
4     Subject: CVE-2013-0292: dbus-gproxy: Verify sender of NameOwnerChanged signals to be o.f.DBus
5    
6     Anyone can hop on the bus and emit a signal whose interface is
7     o.f.DBus; it's expected at the moments that clients (and notably DBus
8     libraries) check the sender.
9    
10     This could previously be used to trick a system service using dbus-glib
11     into thinking a malicious signal came from a privileged source, by
12     claiming that ownership of the privileged source's well-known name had
13     changed from the privileged source's real unique name to the attacker's
14     unique name.
15    
16     [altered to be NULL-safe so it won't crash on peer connections -smcv]
17     Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
18     Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
19     ---
20     diff --git a/dbus/dbus-gproxy.c b/dbus/dbus-gproxy.c
21     index 2fc52f9..c3ae9ec 100644
22     --- a/dbus/dbus-gproxy.c
23     +++ b/dbus/dbus-gproxy.c
24     @@ -1250,8 +1250,11 @@ dbus_g_proxy_manager_filter (DBusConnection *connection,
25     GSList *tmp;
26     const char *sender;
27    
28     + sender = dbus_message_get_sender (message);
29     +
30     /* First we handle NameOwnerChanged internally */
31     - if (dbus_message_is_signal (message,
32     + if (g_strcmp0 (sender, DBUS_SERVICE_DBUS) == 0 &&
33     + dbus_message_is_signal (message,
34     DBUS_INTERFACE_DBUS,
35     "NameOwnerChanged"))
36     {
37     @@ -1280,8 +1283,6 @@ dbus_g_proxy_manager_filter (DBusConnection *connection,
38     }
39     }
40    
41     - sender = dbus_message_get_sender (message);
42     -
43     /* dbus spec requires these, libdbus validates */
44     g_assert (dbus_message_get_path (message) != NULL);
45     g_assert (dbus_message_get_interface (message) != NULL);
46     --
47     cgit v0.9.0.2-2-gbebe

  ViewVC Help
Powered by ViewVC 1.1.28