Commit d35dfa78 authored by Simon McVittie's avatar Simon McVittie

Imported Upstream version 1.8.6

parent 2aa65581
D-Bus 1.8.6 (2014-06-02)
==
Security fixes:
• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop
the message. This prevents an attack in which a malicious client can
make dbus-daemon disconnect a system service, which is a local
denial of service.
(fd.o #80163, CVE-2014-3532; Alban Crequy)
• Track remaining Unix file descriptors correctly when more than one
message in quick succession contains fds. This prevents another attack
in which a malicious client can make dbus-daemon disconnect a system
service.
(fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez,
Simon McVittie, Alban Crequy)
Other fixes:
• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot
attach to a session, kill the dbus-daemon as intended
(fd.o #74698, Роман Донченко)
D-Bus 1.8.4 (2014-06-10) D-Bus 1.8.4 (2014-06-10)
== ==
......
#! /bin/sh #! /bin/sh
# Guess values for system-dependent variables and create Makefiles. # Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for dbus 1.8.4. # Generated by GNU Autoconf 2.69 for dbus 1.8.6.
# #
# Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=dbus>. # Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=dbus>.
# #
...@@ -591,8 +591,8 @@ MAKEFLAGS= ...@@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package. # Identity of this package.
PACKAGE_NAME='dbus' PACKAGE_NAME='dbus'
PACKAGE_TARNAME='dbus' PACKAGE_TARNAME='dbus'
PACKAGE_VERSION='1.8.4' PACKAGE_VERSION='1.8.6'
PACKAGE_STRING='dbus 1.8.4' PACKAGE_STRING='dbus 1.8.6'
PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=dbus' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=dbus'
PACKAGE_URL='' PACKAGE_URL=''
...@@ -1512,7 +1512,7 @@ if test "$ac_init_help" = "long"; then ...@@ -1512,7 +1512,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing. # Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh. # This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF cat <<_ACEOF
\`configure' configures dbus 1.8.4 to adapt to many kinds of systems. \`configure' configures dbus 1.8.6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]... Usage: $0 [OPTION]... [VAR=VALUE]...
...@@ -1586,7 +1586,7 @@ fi ...@@ -1586,7 +1586,7 @@ fi
if test -n "$ac_init_help"; then if test -n "$ac_init_help"; then
case $ac_init_help in case $ac_init_help in
short | recursive ) echo "Configuration of dbus 1.8.4:";; short | recursive ) echo "Configuration of dbus 1.8.6:";;
esac esac
cat <<\_ACEOF cat <<\_ACEOF
...@@ -1783,7 +1783,7 @@ fi ...@@ -1783,7 +1783,7 @@ fi
test -n "$ac_init_help" && exit $ac_status test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then if $ac_init_version; then
cat <<\_ACEOF cat <<\_ACEOF
dbus configure 1.8.4 dbus configure 1.8.6
generated by GNU Autoconf 2.69 generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc. Copyright (C) 2012 Free Software Foundation, Inc.
...@@ -2502,7 +2502,7 @@ cat >config.log <<_ACEOF ...@@ -2502,7 +2502,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake. running configure, to aid debugging if configure makes a mistake.
It was created by dbus $as_me 1.8.4, which was It was created by dbus $as_me 1.8.6, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@ $ $0 $@
...@@ -3442,7 +3442,7 @@ fi ...@@ -3442,7 +3442,7 @@ fi
# Define the identity of the package. # Define the identity of the package.
PACKAGE='dbus' PACKAGE='dbus'
VERSION='1.8.4' VERSION='1.8.6'
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF
...@@ -3742,7 +3742,7 @@ LT_CURRENT=11 ...@@ -3742,7 +3742,7 @@ LT_CURRENT=11
## increment any time the source changes; set to ## increment any time the source changes; set to
## 0 if you increment CURRENT ## 0 if you increment CURRENT
LT_REVISION=5 LT_REVISION=6
## increment if any interfaces have been added; set to 0 ## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has ## if any interfaces have been changed or removed. removal has
...@@ -3755,8 +3755,8 @@ LT_AGE=8 ...@@ -3755,8 +3755,8 @@ LT_AGE=8
DBUS_MAJOR_VERSION=1 DBUS_MAJOR_VERSION=1
DBUS_MINOR_VERSION=8 DBUS_MINOR_VERSION=8
DBUS_MICRO_VERSION=4 DBUS_MICRO_VERSION=6
DBUS_VERSION=1.8.4 DBUS_VERSION=1.8.6
...@@ -23266,7 +23266,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ...@@ -23266,7 +23266,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their # report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. # values after options handling.
ac_log=" ac_log="
This file was extended by dbus $as_me 1.8.4, which was This file was extended by dbus $as_me 1.8.6, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES CONFIG_FILES = $CONFIG_FILES
...@@ -23332,7 +23332,7 @@ _ACEOF ...@@ -23332,7 +23332,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\ ac_cs_version="\\
dbus config.status 1.8.4 dbus config.status 1.8.6
configured by $0, generated by GNU Autoconf 2.69, configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\" with options \\"\$ac_cs_config\\"
......
...@@ -3,7 +3,7 @@ AC_PREREQ([2.63]) ...@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
m4_define([dbus_major_version], [1]) m4_define([dbus_major_version], [1])
m4_define([dbus_minor_version], [8]) m4_define([dbus_minor_version], [8])
m4_define([dbus_micro_version], [4]) m4_define([dbus_micro_version], [6])
m4_define([dbus_version], m4_define([dbus_version],
[dbus_major_version.dbus_minor_version.dbus_micro_version]) [dbus_major_version.dbus_minor_version.dbus_micro_version])
AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
...@@ -37,7 +37,7 @@ LT_CURRENT=11 ...@@ -37,7 +37,7 @@ LT_CURRENT=11
## increment any time the source changes; set to ## increment any time the source changes; set to
## 0 if you increment CURRENT ## 0 if you increment CURRENT
LT_REVISION=5 LT_REVISION=6
## increment if any interfaces have been added; set to 0 ## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has ## if any interfaces have been changed or removed. removal has
......
...@@ -4204,7 +4204,7 @@ load_message (DBusMessageLoader *loader, ...@@ -4204,7 +4204,7 @@ load_message (DBusMessageLoader *loader,
message->n_unix_fds_allocated = message->n_unix_fds = n_unix_fds; message->n_unix_fds_allocated = message->n_unix_fds = n_unix_fds;
loader->n_unix_fds -= n_unix_fds; loader->n_unix_fds -= n_unix_fds;
memmove(loader->unix_fds + n_unix_fds, loader->unix_fds, loader->n_unix_fds); memmove (loader->unix_fds, loader->unix_fds + n_unix_fds, loader->n_unix_fds * sizeof (loader->unix_fds[0]));
} }
else else
message->unix_fds = NULL; message->unix_fds = NULL;
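Review bot: The `memmove` in the fd-carrying branch of load_message has no comment saying which way the data moves or that its third argument is a byte count, which are the two things the previous form of this line got wrong. A one-line comment above it would help, e.g. `/* move the fds that belong to later messages to the front; the length is in bytes */`. The preceding `loader->n_unix_fds -= n_unix_fds;` is only safe if n_unix_fds has already been checked against loader->n_unix_fds earlier in the function, which lies outside this hunk and is worth confirming. No test is visible on this page that loads two fd-carrying messages back to back, which is the case this line handles.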
......
...@@ -761,6 +761,20 @@ _dbus_get_is_errno_epipe (void) ...@@ -761,6 +761,20 @@ _dbus_get_is_errno_epipe (void)
return errno == EPIPE; return errno == EPIPE;
} }
/**
* See if errno is ETOOMANYREFS
* @returns #TRUE if errno == ETOOMANYREFS
*/
dbus_bool_t
_dbus_get_is_errno_etoomanyrefs (void)
{
#ifdef ETOOMANYREFS
return errno == ETOOMANYREFS;
#else
return FALSE;
#endif
}
/** /**
* Get error message from errno * Get error message from errno
* @returns _dbus_strerror(errno) * @returns _dbus_strerror(errno)
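Review bot: The doc comment on `_dbus_get_is_errno_etoomanyrefs` does not mention the `#else` branch: where the platform headers do not define ETOOMANYREFS the function always returns FALSE, so callers there fall through to their generic error path. I would extend the return line to `@returns #TRUE if errno == ETOOMANYREFS, always #FALSE if the platform does not define ETOOMANYREFS`. The function reads the global errno, so its result is only meaningful when it is called directly after the failing call, before anything else can overwrite errno. That deserves one sentence in the comment as well.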
......
...@@ -384,6 +384,7 @@ dbus_bool_t _dbus_get_is_errno_eagain_or_ewouldblock (void); ...@@ -384,6 +384,7 @@ dbus_bool_t _dbus_get_is_errno_eagain_or_ewouldblock (void);
dbus_bool_t _dbus_get_is_errno_enomem (void); dbus_bool_t _dbus_get_is_errno_enomem (void);
dbus_bool_t _dbus_get_is_errno_eintr (void); dbus_bool_t _dbus_get_is_errno_eintr (void);
dbus_bool_t _dbus_get_is_errno_epipe (void); dbus_bool_t _dbus_get_is_errno_epipe (void);
dbus_bool_t _dbus_get_is_errno_etoomanyrefs (void);
const char* _dbus_strerror_from_errno (void); const char* _dbus_strerror_from_errno (void);
void _dbus_disable_sigpipe (void); void _dbus_disable_sigpipe (void);
......
...@@ -645,12 +645,44 @@ do_writing (DBusTransport *transport) ...@@ -645,12 +645,44 @@ do_writing (DBusTransport *transport)
{ {
/* EINTR already handled for us */ /* EINTR already handled for us */
/* For some discussion of why we also ignore EPIPE here, see /* If the other end closed the socket with close() or shutdown(), we
* receive EPIPE here but we must not close the socket yet: there
* might still be some data to read. See:
* http://lists.freedesktop.org/archives/dbus/2008-March/009526.html * http://lists.freedesktop.org/archives/dbus/2008-March/009526.html
*/ */
if (_dbus_get_is_errno_eagain_or_ewouldblock () || _dbus_get_is_errno_epipe ()) if (_dbus_get_is_errno_eagain_or_ewouldblock () || _dbus_get_is_errno_epipe ())
goto out; goto out;
/* Since Linux commit 25888e (from 2.6.37-rc4, Nov 2010), sendmsg()
* on Unix sockets returns -1 errno=ETOOMANYREFS when the passfd
* mechanism (SCM_RIGHTS) is used recursively with a recursion level
* of maximum 4. The kernel does not have an API to check whether
* the passed fds can be forwarded and it can change asynchronously.
* See:
* https://bugs.freedesktop.org/show_bug.cgi?id=80163
*/
else if (_dbus_get_is_errno_etoomanyrefs ())
{
/* We only send fds in the first byte of the message.
* ETOOMANYREFS cannot happen after.
*/
_dbus_assert (socket_transport->message_bytes_written == 0);
_dbus_verbose (" discard message of %d bytes due to ETOOMANYREFS\n",
total_bytes_to_write);
socket_transport->message_bytes_written = 0;
_dbus_string_set_length (&socket_transport->encoded_outgoing, 0);
_dbus_string_compact (&socket_transport->encoded_outgoing, 2048);
/* The message was not actually sent but it needs to be removed
* from the outgoing queue
*/
_dbus_connection_message_sent_unlocked (transport->connection,
message);
}
else else
{ {
_dbus_verbose ("Error writing to remote app: %s\n", _dbus_verbose ("Error writing to remote app: %s\n",
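Review bot: In the new ETOOMANYREFS branch the discarded message is reported only through `_dbus_verbose`, so without verbose output neither the sender nor an administrator can tell that messages are being dropped, or that a client is repeatedly provoking this path. A counter or a rate-limited warning would make that visible without letting the same client flood the log. Separately, `_dbus_assert (socket_transport->message_bytes_written == 0);` may be compiled out when assertions are disabled, and the branch then resets the offset and drops the message regardless. If that invariant ever failed after a partial write the peer would presumably see a truncated message, so treating a non-zero offset as an I/O error would be safer than asserting. do_writing begins and continues outside this hunk, so how the loop proceeds after this branch is not visible here.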
......
...@@ -536,7 +536,7 @@ kill_bus_when_session_ends (void) ...@@ -536,7 +536,7 @@ kill_bus_when_session_ends (void)
if (tty_fd < 0 && x_fd < 0) if (tty_fd < 0 && x_fd < 0)
{ {
fprintf (stderr, "No terminal on standard input and no X display; cannot attach message bus to session lifetime\n"); fprintf (stderr, "No terminal on standard input and no X display; cannot attach message bus to session lifetime\n");
exit (1); kill_bus_and_exit (1);
} }
while (TRUE) while (TRUE)
......