$OpenBSD: patch-bus_policy_c,v 1.1 2008/02/29 13:38:56 bernd Exp $
Security fix for CVE-2008-0595.
http://secunia.com/advisories/29148/
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html
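--- bus/policy.c.orig Mon Dec 11 20:21:22 2006
+++ bus/policy.c Fri Feb 29 10:33:17 2008
@@ -931,9 +931,19 @@ bus_client_policy_check_can_send (BusClientPolicy *pol
 
 if (rule->d.send.interface != NULL)
 {
- if (dbus_message_get_interface (message) != NULL &&
- strcmp (dbus_message_get_interface (message),
- rule->d.send.interface) != 0)
+ /* The interface is optional in messages. For allow rules, if the message
+ * has no interface we want to skip the rule (and thus not allow);
+ * for deny rules, if the message has no interface we want to use the
+ * rule (and thus deny).
+ */
+ dbus_bool_t no_interface;
+
+ no_interface = dbus_message_get_interface (message) == NULL;
+
+ if ((no_interface && rule->allow) ||
+ (!no_interface &&
+ strcmp (dbus_message_get_interface (message),
+ rule->d.send.interface) != 0))
 {
 _dbus_verbose (" (policy) skipping rule for different interface\n");
 continue;
@@ -1117,9 +1127,19 @@ bus_client_policy_check_can_receive (BusClientPolicy *
 
 if (rule->d.receive.interface != NULL)
 {
- if (dbus_message_get_interface (message) != NULL &&
- strcmp (dbus_message_get_interface (message),
- rule->d.receive.interface) != 0)
+ /* The interface is optional in messages. For allow rules, if the message
+ * has no interface we want to skip the rule (and thus not allow);
+ * for deny rules, if the message has no interface we want to use the
+ * rule (and thus deny).
+ */
+ dbus_bool_t no_interface;
+
+ no_interface = dbus_message_get_interface (message) == NULL;
+
+ if ((no_interface && rule->allow) ||
+ (!no_interface &&
+ strcmp (dbus_message_get_interface (message),
+ rule->d.receive.interface) != 0))
 {
 _dbus_verbose (" (policy) skipping rule for different interface\n");
 continue;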
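Review bot: The `_dbus_verbose` line inside the new condition still says "skipping rule for different interface", but in both hunks the branch is now also taken when an allow rule meets a message that has no interface at all, so the trace misreports why the rule was skipped. When debugging a policy denial this matters; a wording such as `_dbus_verbose (" (policy) skipping rule: message has no interface or a different one\n");` would cover both reasons. As a style point, `dbus_message_get_interface (message)` is evaluated twice per rule; a local `const char *iface = dbus_message_get_interface (message);` used for both the NULL test and the `strcmp` would read more clearly. The comment states that deny rules naming an interface now apply to interface-less messages, so existing policy files with such deny rules should be re-checked after applying the fix. Both loop bodies continue outside the hunks, so how later rule fields are handled is not visible here.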