1. 23 Nov, 2015 2 commits
  2. 23 Oct, 2015 3 commits
  3. 21 Jul, 2015 7 commits
  4. 17 Jun, 2015 2 commits
  5. 12 Jun, 2015 1 commit
  6. 11 Jun, 2015 1 commit
  7. 09 Jun, 2015 2 commits
  8. 14 May, 2015 7 commits
  9. 12 May, 2015 2 commits
      Security hardening: force EXTERNAL auth in session.conf on Unix · d9ab8931
      Simon McVittie authored
      DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e.
      indirectly dependent on high-quality pseudo-random numbers
      whereas EXTERNAL authentication (credentials-passing)
      is mediated by the kernel and cannot be faked.
      
      On Windows, EXTERNAL authentication is not available,
      so we continue to use the hard-coded default (all
      authentication mechanisms are tried).
      
      Users of tcp: or nonce-tcp: on Unix will have to comment
      this out, but they would have had to use a special
      configuration anyway (to set the listening address),
      and the tcp: and nonce-tcp: transports are inherently
      insecure unless special steps are taken to have them
      restricted to a VPN or SSH tunnelling.
      
      Users of obscure Unix platforms (those that trigger
      the warning "Socket credentials not supported on this Unix OS"
      when compiling dbus-sysdeps-unix.c) might also have to
      comment this out, or preferably provide a tested patch
      to enable credentials-passing on that OS.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
      release · 590c3fa9
      Simon McVittie authored
  10. 08 May, 2015 2 commits
      reader_init: Initialize all fields of struct DBusTypeReader (CID 54754, 54772, 54773). · 77e1b311
      Ralf Habacker authored
      This patch is based on the fix for 'Field reader.array_len_offset is
      uninitialized'
      
      Reported by Coverity: CID 54754, 54772, 54773: Uninitialized scalar
      variable (UNINIT)
      
      [smcv: also re-order how the class is set when we recurse, so that
      the sub-reader's class doesn't end up NULL]
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90021
      Revert "reader_init: Initialize all fields of struct DBusTypeReader (CID 54754, 54772, 54773)." · 480f0182
      Simon McVittie authored
      This reverts commit 21a7873f.
      
      This appears to cause a segfault, presumably resulting from something
      assuming that reader_init() would not reinitialize all fields:
      
       #0  0x00007ffff7b74777 in _dbus_type_reader_get_current_type (reader=reader@entry=0x7fffffffda50) at .../dbus/dbus-marshal-recursive.c:791
       #1  0x00007ffff7b719d0 in _dbus_header_cache_check (header=<optimized out>)
          at .../dbus/dbus-marshal-header.c:209
       #2  0x00007ffff7b719d0 in _dbus_header_cache_check (header=header@entry=0x624658, field=field@entry=6) at .../dbus/dbus-marshal-header.c:250
       #3  0x00007ffff7b72884 in _dbus_header_get_field_basic (header=header@entry=0x624658, field=field@entry=6, type=type@entry=115, value=value@entry=0x7fffffffdbd8) at .../dbus/dbus-marshal-header.c:1365
       #4  0x00007ffff7b7d8c2 in dbus_message_get_destination (message=message@entry=0x624650) at .../dbus/dbus-message.c:3457
       #5  0x00007ffff7b67be6 in _dbus_connection_send_preallocated_unlocked_no_update (connection=connection@entry=0x6236d0, preallocated=0x0,
          preallocated@entry=0x6234c0, message=message@entry=0x624650, client_serial=client_serial@entry=0x7fffffffdcbc)
          at .../dbus/dbus-connection.c:2017
  11. 06 May, 2015 11 commits