From a12dbdf48c227ed67557347e4e59ad74a7a1c597 Mon Sep 17 00:00:00 2001 From: Ralf Habacker Date: Thu, 18 Aug 2016 19:14:19 +0200 Subject: [PATCH] On bus startup check given auth in config file against supported mechanismen. This fixes a security hole caused by dbus-daemon ignoring misspelled or unsupported auth mechanismen in bus config file and falling back silently to a less secure authentification level. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96577 --- bus/bus.c | 16 ++++++++++++++++ dbus/dbus-auth.c | 41 +++++++++++++++++++++++++++++++++++++++++ dbus/dbus-auth.h | 4 ++++ 3 files changed, 61 insertions(+) diff --git a/bus/bus.c b/bus/bus.c index 103447c..92f3af1 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -37,6 +37,7 @@ #include "apparmor.h" #include "audit.h" #include "dir-watch.h" +#include #include #include #include @@ -408,6 +409,21 @@ process_config_first_time_only (BusContext *context, link = _dbus_list_get_first_link (auth_mechanisms_list); while (link != NULL) { + DBusString name; + _dbus_string_init_const (&name, link->data); + if (!_dbus_auth_is_supported_mechanismus (&name)) + { + DBusString list; + _dbus_string_init (&list); + _dbus_auth_get_supported_mechanismen (&list); + dbus_set_error (error, DBUS_ERROR_FAILED, + "Unsupported auth mechanismus \"%s\" in bus config file detected. Supported mechanismen are \"%s\".", + link->data, + _dbus_string_get_const_data (&list)); + _dbus_string_free (&list); + retval = FALSE; + goto failed; + } auth_mechanisms[i] = _dbus_strdup (link->data); if (auth_mechanisms[i] == NULL) goto oom; diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c index 18c12b4..206ab32 100644 --- a/dbus/dbus-auth.c +++ b/dbus/dbus-auth.c @@ -3002,6 +3002,47 @@ _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth) return auth->unix_fd_negotiated; } +/** + * Queries whether the given auth mechanismus is supported. + * + * @param auth the auth mechanismus to query for + * @returns #TRUE when auth mechanismus is supported + */ +dbus_bool_t +_dbus_auth_is_supported_mechanismus(DBusString *name) +{ + _dbus_assert (name != NULL); + + return find_mech(name, NULL) != 0; +} + +/** + * Return string containing all supported auth mechanismen. + * + * @param string to hold the supported auth mechanismen + * @returns #FALSE on oom + */ +dbus_bool_t +_dbus_auth_get_supported_mechanismen(DBusString *buffer) +{ + int i; + _dbus_assert (buffer != NULL); + + i = 0; + while (all_mechanisms[i].mechanism != NULL) + { + if (i > 0) + { + if (!_dbus_string_append (buffer, " ")) + return FALSE; + } + if (!_dbus_string_append (buffer, all_mechanisms[i].mechanism)) + return FALSE; + ++i; + } + return TRUE; +} + /** @} */ /* tests in dbus-auth-util.c */ diff --git a/dbus/dbus-auth.h b/dbus/dbus-auth.h index c62bcd1..e475f75 100644 --- a/dbus/dbus-auth.h +++ b/dbus/dbus-auth.h @@ -92,6 +92,10 @@ const char* _dbus_auth_get_guid_from_server(DBusAuth *auth); void _dbus_auth_set_unix_fd_possible(DBusAuth *auth, dbus_bool_t b); dbus_bool_t _dbus_auth_get_unix_fd_negotiated(DBusAuth *auth); +DBUS_PRIVATE_EXPORT +dbus_bool_t _dbus_auth_is_supported_mechanismus(DBusString *name); +DBUS_PRIVATE_EXPORT +dbus_bool_t _dbus_auth_get_supported_mechanismen(DBusString *buffer); DBUS_END_DECLS -- 2.6.6