From b23ab834be5cb085f96a3756f69ba791ad041950 Mon Sep 17 00:00:00 2001 From: Ralf Habacker Date: Tue, 24 Apr 2018 10:37:15 +0200 Subject: [PATCH] On windows lock client pid to avoid pid reusage Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83499 --- dbus/dbus-credentials.c | 31 +++++++++++++++++++++++++++++++ dbus/dbus-credentials.h | 5 +++++ dbus/dbus-sysdeps-win.c | 12 ++++++++++++ 3 files changed, 48 insertions(+) diff --git a/dbus/dbus-credentials.c b/dbus/dbus-credentials.c index 4a7bafd1..e0cd251b 100644 --- a/dbus/dbus-credentials.c +++ b/dbus/dbus-credentials.c @@ -56,6 +56,10 @@ struct DBusCredentials { char *linux_security_label; void *adt_audit_data; dbus_int32_t adt_audit_data_size; +#ifdef DBUS_WIN + /** handle to lock client pid */ + HANDLE process_handle; +#endif }; /** @} */ @@ -88,6 +92,9 @@ _dbus_credentials_new (void) creds->linux_security_label = NULL; creds->adt_audit_data = NULL; creds->adt_audit_data_size = 0; +#ifdef DBUS_WIN + creds->process_handle = 0; +#endif return creds; } @@ -143,6 +150,10 @@ _dbus_credentials_unref (DBusCredentials *credentials) dbus_free (credentials->windows_sid); dbus_free (credentials->linux_security_label); dbus_free (credentials->adt_audit_data); +#ifdef DBUS_WIN + if (credentials->process_handle != 0) + CloseHandle (credentials->process_handle); +#endif dbus_free (credentials); } } @@ -163,6 +174,21 @@ _dbus_credentials_add_pid (DBusCredentials *credentials, } /** + * Add a Windows process handle to the credentials. + * + * @param credentials the object + * @param process_handle the process handle + * @returns #FALSE if no memory + */ +dbus_bool_t +_dbus_credentials_add_process_handle (DBusCredentials *credentials, + HANDLE process_handle) +{ + credentials->process_handle = process_handle; + return TRUE; +} + +/** * Add a UNIX user ID to the credentials. * * @param credentials the object @@ -604,6 +630,11 @@ _dbus_credentials_clear (DBusCredentials *credentials) dbus_free (credentials->adt_audit_data); credentials->adt_audit_data = NULL; credentials->adt_audit_data_size = 0; +#ifdef DBUS_WIN + if (credentials->process_handle != 0) + CloseHandle (credentials->process_handle); + credentials->process_handle = 0; +#endif } /** diff --git a/dbus/dbus-credentials.h b/dbus/dbus-credentials.h index 3407b725..d7e07fea 100644 --- a/dbus/dbus-credentials.h +++ b/dbus/dbus-credentials.h @@ -50,6 +50,11 @@ void _dbus_credentials_unref (DBusCredentials DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_credentials_add_pid (DBusCredentials *credentials, dbus_pid_t pid); +#ifdef DBUS_WIN +DBUS_PRIVATE_EXPORT +dbus_bool_t _dbus_credentials_add_process_handle (DBusCredentials *credentials, + HANDLE process_handle); +#endif DBUS_PRIVATE_EXPORT dbus_bool_t _dbus_credentials_add_unix_uid (DBusCredentials *credentials, dbus_uid_t uid); diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c index c1eb073e..10e25d4e 100644 --- a/dbus/dbus-sysdeps-win.c +++ b/dbus/dbus-sysdeps-win.c @@ -2073,6 +2073,18 @@ _dbus_read_credentials_socket (DBusSocket handle, return TRUE; _dbus_credentials_add_pid (credentials, pid); +#ifdef DBUS_WIN + { + HANDLE process_handle = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid); + if (process_handle == NULL) + { + dbus_set_error (error, DBUS_ERROR_IO_ERROR, + "could not get peer's process handle"); + goto out; + } + _dbus_credentials_add_process_handle (credentials, process_handle); + } +#endif if (_dbus_getsid (&sid, pid)) { -- 2.12.3