From c09d86d3e79281cac2cd5a94ea84c45d406dcbcd Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 26 Jan 2015 20:06:48 +0000
Subject: [PATCH 3/3] CVE-2015-0245: discard forged ActivationFailure messages

Without this code change, non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester. In practice we can address this in system.conf by only allowing root to forge these messages, but this check is the real solution, particularly on systems where root is not all-powerful.
---
 bus/driver.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/bus/driver.c b/bus/driver.c
index 9551f3d..f494170 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -2061,8 +2061,26 @@ bus_driver_handle_message (DBusConnection *connection,
 if (dbus_message_is_signal (message, "org.freedesktop.systemd1.Activator", "ActivationFailure"))
 {
 BusContext *context;
+ DBusConnection *systemd;
 context = bus_connection_get_context (connection);
+ systemd = bus_driver_get_owner_of_name (connection,
+ "org.freedesktop.systemd1");
+
+ if (systemd != connection)
+ {
+ const char *attacker;
+
+ attacker = bus_connection_get_name (connection);
+ bus_context_log (context, DBUS_SYSTEM_LOG_SECURITY,
+ "Ignoring forged ActivationFailure message from "
+ "connection %s (%s)",
+ attacker ? attacker : "(unauthenticated)",
+ bus_connection_get_loginfo (connection));
+ /* ignore it */
+ return TRUE;
+ }
+
 return dbus_activation_systemd_failure(bus_context_get_activation(context), message);
 }
-- 
2.1.4
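Review bot: The sender check `if (systemd != connection)` is only as strong as the bus policy on who may own `org.freedesktop.systemd1`, and nothing in the added lines tells a reader that this pointer comparison is the authentication decision. I would add a comment above the lookup, e.g. `/* Only the current owner of org.freedesktop.systemd1 may report activation failures; ownership of that name must be restricted by bus policy. */`. The comment should also state that an unowned name is meant to take the reject branch; presumably `bus_driver_get_owner_of_name` returns NULL in that case, which the comparison treats as a mismatch, but its definition is not in this hunk. Separately, every forged signal writes one `DBUS_SYSTEM_LOG_SECURITY` entry, so unless `bus_context_log` throttles (not visible here) an unprivileged sender can fill the security log; worth confirming. The body of `bus_driver_handle_message` starts and ends outside the hunk.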