Projects
Mega:24.03:SP1:Everything
glib2
_service:tar_scm:backport-gdbusconnection-Allow...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a-well-known-name.patch of Package glib2
From c1ddca0955619cab194be2b22915c562e94f8852 Mon Sep 17 00:00:00 2001 From: Simon McVittie <smcv@collabora.com> Date: Wed, 8 May 2024 14:46:08 +0000 Subject: [PATCH] gdbusconnection: Allow name owners to have the syntax of a well-known name In a D-Bus-Specification-compliant message bus, the owner of a well-known name is a unique name. However, ibus has its own small implementation of a message bus (src/ibusbus.c) in which org.freedesktop.IBus is special-cased to also have itself as its owner (like org.freedesktop.DBus on a standard message bus), and connects to that bus with the G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION flag. The ability to do this regressed when CVE-2024-34397 was fixed. Relax the checks to allow the owner of a well-known name to be any valid D-Bus name, even if it is not syntactically a unique name. Fixes: 683b14b9 "gdbus: Track name owners for signal subscriptions" Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3353 Bug-Debian: https://bugs.debian.org/1070730 Bug-Debian: https://bugs.debian.org/1070736 Bug-Debian: https://bugs.debian.org/1070743 Bug-Debian: https://bugs.debian.org/1070745 Signed-off-by: Simon McVittie <smcv@debian.org> --- gio/gdbusconnection.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c index 782caff0aa..bd0cd1b0eb 100644 --- a/gio/gdbusconnection.c +++ b/gio/gdbusconnection.c @@ -2402,7 +2402,10 @@ name_watcher_deliver_name_owner_changed_unlocked (SignalData *name_watcher, /* Our caller already checked this */ g_assert (g_strcmp0 (name_watcher->arg0, name) == 0); - if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_unique_name (new_owner))) + /* FIXME: This should be validating that `new_owner` is a unique name, + * but IBus’ implementation of a message bus is not compliant with the spec. + * See https://gitlab.gnome.org/GNOME/glib/-/issues/3353 */ + if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_name (new_owner))) name_watcher_set_name_owner_unlocked (name_watcher, new_owner); else g_warning ("Received NameOwnerChanged signal with invalid owner \"%s\" for \"%s\"", @@ -2454,7 +2457,10 @@ name_watcher_deliver_get_name_owner_reply_unlocked (SignalData *name_watcher, g_variant_get (body, "(&s)", &new_owner); - if (G_LIKELY (g_dbus_is_unique_name (new_owner))) + /* FIXME: This should be validating that `new_owner` is a unique name, + * but IBus’ implementation of a message bus is not compliant with the spec. + * See https://gitlab.gnome.org/GNOME/glib/-/issues/3353 */ + if (G_LIKELY (g_dbus_is_name (new_owner))) name_watcher_set_name_owner_unlocked (name_watcher, new_owner); else g_warning ("Received GetNameOwner reply with invalid owner \"%s\" for \"%s\"", -- GitLab
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2