Bug 97298

Summary: libdbus WaitingForOK state handling does not appear to match spec
Product: dbus Reporter: Simon McVittie <smcv>
Component: coreAssignee: D-Bus Maintainers <dbus>
Status: RESOLVED MOVED QA Contact: D-Bus Maintainers <dbus>
Severity: normal    
Priority: medium CC: dbus, smcv, thiago, tzimmermann
Version: git master   
Hardware: All   
OS: All   
URL: https://lists.freedesktop.org/archives/dbus/2016-August/016982.html
Whiteboard:
i915 platform: i915 features:

Description Simon McVittie 2016-08-11 14:47:50 UTC 
+++ This bug was initially created as a clone of Bug #97282 +++

gcc 6 warns that

static const DBusAuthStateData client_state_waiting_for_ok

is unused. This suggests that either DBusAuth is doing something in the client side of authentication that doesn't match what dbus-specification says it should do, or the states in DBusAuth don't exactly match the states in dbus-specification.

For now I'm going to mark it as _DBUS_GNUC_UNUSED so the build at least succeeds.
Comment 1 Simon McVittie 2016-08-12 18:38:25 UTC 
Looking again at the specification, I think what's going on here might be that only some SASL mechanisms would have the state transition into the WaitingForOK state, and the limited set of SASL mechanisms implemented by dbus does not actually include any of those.

Arguably, the "initial response" for EXTERNAL should go into the WaitingForOK state: we send an "initial response" that is everything the server needs to know about us, so we cannot legitimately be asked for more data. This would mean that, pedantically, the client_initial_response_func and client_data_func ought to return one of { CONTINUE, OK, ERROR, OOM } instead of a boolean.

D-Bus is not a fully general SASL implementation: we assume that the client trusts the server. As such, the distinction between WaitingForOK and WaitingForData is mostly academic: it would only help if we were trying to detect a misbehaving server that sends more DATA than it should.

Setting this up more correctly might be needed for Bug #96577, but that feature request scares me :-)
Comment 2 GitLab Migration User 2018-10-12 21:28:33 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/152.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.