Merge branch 'dbus-1.8'

Conflicts: NEWS cmake/CMakeLists.txt configure.ac
author: Simon McVittie <simon.mcvittie@collabora.co.uk> 2015-05-14 14:41:06 +0100
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2015-05-14 14:41:06 +0100
commit: 1c4f87ca2849ae49d6083a5a279d870aee52b5a3 (patch)
tree: f8d9ac380dff3bba10aef8913df5441793be4ea9
parent: bcdead0fd4642a5e8985981c1583d40ff779299a (diff)
parent: 31489e1c4ffdbac220e1cde72fc5ce4ad43d3821 (diff)
download: dbus-1c4f87ca2849ae49d6083a5a279d870aee52b5a3.tar.gz
2 files changed, 37 insertions, 13 deletions
diff --git a/NEWS b/NEWS
index c57b7b3c..e44d4a1a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,27 @@
 D-Bus 1.9.16 (UNRELEASED)
 ==
 
+Security hardening:
+
+• On Unix platforms, change the default configuration for the session bus
+  to only allow EXTERNAL authentication (secure kernel-mediated
+  credentials-passing), as was already done for the system bus.
+
+  This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
+  unpredictable pseudo-random numbers; under certain circumstances
+  (/dev/urandom unreadable or malloc() returns NULL), dbus could
+  fall back to using rand(), which does not have the desired unpredictability.
+  The fallback to rand() has not been changed in this stable-branch since
+  the necessary code changes for correct error-handling are rather intrusive.
+
+  If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
+  in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
+  NFS or similar, you will need to reconfigure the session bus to accept
+  DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
+  is not recommended.
+
+  (fd.o #90414, Simon McVittie)
+
 Enhancements:
 
 • Add dbus_message_iter_get_element_count()
diff --git a/dbus/dbus-marshal-recursive.c b/dbus/dbus-marshal-recursive.c
index 4adfd2e9..9ba16e93 100644
--- a/dbus/dbus-marshal-recursive.c
+++ b/dbus/dbus-marshal-recursive.c
@@ -149,6 +149,7 @@ reader_init (DBusTypeReader    *reader,
              const DBusString  *value_str,
              int                value_pos)
 {
+  _DBUS_ZERO (*reader);
   reader->byte_order = byte_order;
   reader->finished = FALSE;
   reader->type_str = type_str;
@@ -736,11 +737,11 @@ _dbus_type_reader_init (DBusTypeReader    *reader,
                         const DBusString  *value_str,
                         int                value_pos)
 {
-  reader->klass = &body_reader_class;
-
   reader_init (reader, byte_order, type_str, type_pos,
                value_str, value_pos);
 
+  reader->klass = &body_reader_class;
+
 #if RECURSIVE_MARSHAL_READ_TRACE
   _dbus_verbose ("  type reader %p init type_pos = %d value_pos = %d remaining sig '%s'\n",
                  reader, reader->type_pos, reader->value_pos,
@@ -761,11 +762,11 @@ _dbus_type_reader_init_types_only (DBusTypeReader    *reader,
                                    const DBusString  *type_str,
                                    int                type_pos)
 {
-  reader->klass = &body_types_only_reader_class;
-
   reader_init (reader, DBUS_COMPILER_BYTE_ORDER /* irrelevant */,
                type_str, type_pos, NULL, _DBUS_INT_MAX /* crashes if we screw up */);
 
+  reader->klass = &body_types_only_reader_class;
+
 #if RECURSIVE_MARSHAL_READ_TRACE
   _dbus_verbose ("  type reader %p init types only type_pos = %d remaining sig '%s'\n",
                  reader, reader->type_pos,
@@ -988,6 +989,7 @@ void
 _dbus_type_reader_recurse (DBusTypeReader *reader,
                            DBusTypeReader *sub)
 {
+  const DBusTypeReaderClass *klass;
   int t;
 
   t = _dbus_first_type_in_signature (reader->type_str, reader->type_pos);
@@ -996,27 +998,27 @@ _dbus_type_reader_recurse (DBusTypeReader *reader,
     {
     case DBUS_TYPE_STRUCT:
       if (reader->klass->types_only)
-        sub->klass = &struct_types_only_reader_class;
+        klass = &struct_types_only_reader_class;
       else
-        sub->klass = &struct_reader_class;
+        klass = &struct_reader_class;
       break;
     case DBUS_TYPE_DICT_ENTRY:
       if (reader->klass->types_only)
-        sub->klass = &dict_entry_types_only_reader_class;
+        klass = &dict_entry_types_only_reader_class;
       else
-        sub->klass = &dict_entry_reader_class;
+        klass = &dict_entry_reader_class;
       break;
     case DBUS_TYPE_ARRAY:
       if (reader->klass->types_only)
-        sub->klass = &array_types_only_reader_class;
+        klass = &array_types_only_reader_class;
       else
-        sub->klass = &array_reader_class;
+        klass = &array_reader_class;
       break;
     case DBUS_TYPE_VARIANT:
       if (reader->klass->types_only)
         _dbus_assert_not_reached ("can't recurse into variant typecode");
       else
-        sub->klass = &variant_reader_class;
+        klass = &variant_reader_class;
       break;
     default:
       _dbus_verbose ("recursing into type %s\n", _dbus_type_to_string (t));
@@ -1028,9 +1030,10 @@ _dbus_type_reader_recurse (DBusTypeReader *reader,
       _dbus_assert_not_reached ("don't yet handle recursing into this type");
     }
 
-  _dbus_assert (sub->klass == all_reader_classes[sub->klass->id]);
+  _dbus_assert (klass == all_reader_classes[klass->id]);
 
-  (* sub->klass->recurse) (sub, reader);
+  (* klass->recurse) (sub, reader);
+  sub->klass = klass;
 
 #if RECURSIVE_MARSHAL_READ_TRACE
   _dbus_verbose ("  type reader %p RECURSED type_pos = %d value_pos = %d remaining sig '%s'\n",
author	Simon McVittie <simon.mcvittie@collabora.co.uk>	2015-05-14 14:41:06 +0100
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2015-05-14 14:41:06 +0100
commit	1c4f87ca2849ae49d6083a5a279d870aee52b5a3 (patch)
tree	f8d9ac380dff3bba10aef8913df5441793be4ea9
parent	bcdead0fd4642a5e8985981c1583d40ff779299a (diff)
parent	31489e1c4ffdbac220e1cde72fc5ce4ad43d3821 (diff)
download	dbus-1c4f87ca2849ae49d6083a5a279d870aee52b5a3.tar.gz