From db473adb207aa43cc87e2bc063349de9f634d682 Mon Sep 17 00:00:00 2001 From: Lars Uebernickel Date: Mon, 2 Nov 2015 15:47:39 +0100 Subject: [PATCH] Disallow unexpected replies Allowing to send replies when NO_REPLY_EXPECTED is set is useless in practice: Clients need to be careful not to send these replies, because bus policy could deny these messages. The spec even mentions that this issue exists. To make this more clear and misbehaving clients less likely, disallow sending unexpected replies entirely. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75749 --- doc/dbus-specification.xml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index 1e0fe20..de152f3 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -1383,12 +1383,7 @@ This message does not expect method return replies or error replies, even if it is of a type that can - have a reply; the reply can be omitted as an - optimization. It is compliant with this specification - to return the reply despite this flag, although doing - so on a bus with a non-trivial security policy - (such as the well-known system bus) may result in - access denial messages being logged for the reply. + have a reply; the reply should be omitted. Note that METHOD_CALL is the only message type currently @@ -1864,12 +1859,9 @@ header field. - If a METHOD_CALL message has the flag NO_REPLY_EXPECTED, - then as an optimization the application receiving the method - call may choose to omit the reply message (regardless of - whether the reply would have been METHOD_RETURN or ERROR). - However, it is also acceptable to ignore the NO_REPLY_EXPECTED - flag and reply anyway. + If a METHOD_CALL message has the flag NO_REPLY_EXPECTED, + then the application receiving the method should not send the reply message (regardless of + whether the reply would have been METHOD_RETURN or ERROR). Unless a message has the flag NO_AUTO_START, if the -- 2.6.2