From a12dbdf48c227ed67557347e4e59ad74a7a1c597 Mon Sep 17 00:00:00 2001
From: Ralf Habacker <ralf.habacker@freenet.de>
Date: Thu, 18 Aug 2016 19:14:19 +0200
Subject: [PATCH] On bus startup check given auth in config file against
 supported mechanismen.

This fixes a security hole caused by dbus-daemon ignoring misspelled or
unsupported auth mechanismen in bus config file and falling back silently
to a less secure authentification level.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96577
---
 bus/bus.c        | 16 ++++++++++++++++
 dbus/dbus-auth.c | 41 +++++++++++++++++++++++++++++++++++++++++
 dbus/dbus-auth.h |  4 ++++
 3 files changed, 61 insertions(+)

diff --git a/bus/bus.c b/bus/bus.c
index 103447c..92f3af1 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -37,6 +37,7 @@
 #include "apparmor.h"
 #include "audit.h"
 #include "dir-watch.h"
+#include <dbus/dbus-auth.h>
 #include <dbus/dbus-list.h>
 #include <dbus/dbus-hash.h>
 #include <dbus/dbus-credentials.h>
@@ -408,6 +409,21 @@ process_config_first_time_only (BusContext       *context,
       link = _dbus_list_get_first_link (auth_mechanisms_list);
       while (link != NULL)
         {
+          DBusString name;
+          _dbus_string_init_const (&name, link->data);
+          if (!_dbus_auth_is_supported_mechanismus (&name))
+            {
+              DBusString list;
+              _dbus_string_init (&list);
+              _dbus_auth_get_supported_mechanismen (&list);
+              dbus_set_error (error, DBUS_ERROR_FAILED,
+                              "Unsupported auth mechanismus \"%s\" in bus config file detected. Supported mechanismen are \"%s\".",
+                              link->data,
+                              _dbus_string_get_const_data (&list));
+              _dbus_string_free (&list);
+              retval = FALSE;
+              goto failed;
+            }
           auth_mechanisms[i] = _dbus_strdup (link->data);
           if (auth_mechanisms[i] == NULL)
             goto oom;
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 18c12b4..206ab32 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -3002,6 +3002,47 @@ _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth)
   return auth->unix_fd_negotiated;
 }
 
+/**
+ * Queries whether the given auth mechanismus is supported.
+ *
+ * @param auth the auth mechanismus to query for
+ * @returns #TRUE when auth mechanismus is supported
+ */
+dbus_bool_t
+_dbus_auth_is_supported_mechanismus(DBusString *name)
+{
+  _dbus_assert (name != NULL);
+
+  return find_mech(name, NULL) != 0;
+}
+
+/**
+ * Return string containing all supported auth mechanismen.
+ *
+ * @param string to hold the supported auth mechanismen
+ * @returns #FALSE on oom
+ */
+dbus_bool_t
+_dbus_auth_get_supported_mechanismen(DBusString *buffer)
+{
+  int i;
+  _dbus_assert (buffer != NULL);
+
+  i = 0;
+  while (all_mechanisms[i].mechanism != NULL)
+    {
+      if (i > 0)
+        {
+          if (!_dbus_string_append (buffer, " "))
+            return FALSE;
+        }
+      if (!_dbus_string_append (buffer, all_mechanisms[i].mechanism))
+        return FALSE;
+      ++i;
+    }
+  return TRUE;
+}
+
 /** @} */
 
 /* tests in dbus-auth-util.c */
diff --git a/dbus/dbus-auth.h b/dbus/dbus-auth.h
index c62bcd1..e475f75 100644
--- a/dbus/dbus-auth.h
+++ b/dbus/dbus-auth.h
@@ -92,6 +92,10 @@ const char*   _dbus_auth_get_guid_from_server(DBusAuth               *auth);
 
 void          _dbus_auth_set_unix_fd_possible(DBusAuth               *auth, dbus_bool_t b);
 dbus_bool_t   _dbus_auth_get_unix_fd_negotiated(DBusAuth             *auth);
+DBUS_PRIVATE_EXPORT
+dbus_bool_t   _dbus_auth_is_supported_mechanismus(DBusString         *name);
+DBUS_PRIVATE_EXPORT
+dbus_bool_t   _dbus_auth_get_supported_mechanismen(DBusString        *buffer);
 
 DBUS_END_DECLS
 
-- 
2.6.6