| Commit message (Collapse) | Author | Age | Files | Lines |
|
DBusString instance
This is necessary to avoid possible stack overflows.
|
The normal style is <function-name><space>(<no-spaces>...<no-spaces>).
|
_dbus_get_autolaunch_address ()
|
variable from related cmake target
This allows cmake to construct the resulting (relocatable) runtime paths.
Fixes dbus/dbus#346
|
This is useful for tracking auto launch support in dbus-daemon.
|
dbus-daemon fails to launch on macOS 10.5 and above because of a breaking
change in setrlimit, in which RLIM_INFINITY is no longer supported
for RLIMIT_NOFILE. Instead we must use OPEN_MAX.
Resolves: #309
|
Calling malloc() after fork is undefined behaviour if the process is
multi-threaded. Locks held by a thread on fork() will never be released.
malloc() is usually protected by a lock and can therefore deadlock. glibc
is known not to deadlock in this case.
This commit does not rule out other problems on glibc-systems, but fixes an
issue on musl-libc-systems. Only restricting to async-signal safe functions
between fork() and exec() prevents undefined behaviour for sure. See
signal-safety(7).
|
Traditional activation is enabled/disabled with the cmake configure
parameter -DENABLE_TRADITIONAL_ACTIVATION, which is enabled by default.
This was added to the Autotools build system as part of dbus/dbus!107
but until now was not possible to disable when building with CMake.
|
Previously, the hash table indexed by uid (or gid) took ownership of the
single reference to the heap-allocated struct, and the hash table
indexed by username (or group name) had a borrowed pointer to the same
struct that exists in the other hash table.
However, this can break down if you have two or more distinct usernames
that share a numeric identifier. This is generally a bad idea, because
the user-space model in such situations does not match the kernel-space
reality, and in particular there is no effective kernel-level security
boundary between such users, but it is sometimes done anyway.
In this case, when the second username is looked up in the userdb, it
overwrites (replaces) the entry in the hash table that is indexed by
uid, freeing the DBusUserInfo. This results in both the key and the
value in the hash table that is indexed by username becoming dangling
pointers (use-after-free), leading to undefined behaviour, which is
certainly not what we want to see when doing access control.
An equivalent situation can occur with groups, in the rare case where
a numeric group ID has two names (although I have not heard of this
being done in practice).
Solve this by reference-counting the data structure. There are up to
three references in practice: one held temporarily while the lookup
function is populating and storing it, one held by the hash table that
is indexed by uid, and one held by the hash table that is indexed by
name.
Closes: dbus#305
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
This makes it more obvious that the returned pointer points to a
struct owned by the userdb, which must not be freed or have its
contents modified, and is only valid to dereference until the next
modification to the userdb's underlying hash tables (which in practice
means until the lock is released, because after that we have no
guarantees about what might be going on in another thread).
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
Previously, only the Autotools build system could do this. This commit
includes most of the same features as in the Autotools build, although
not the user-session semantics, which will be added separately.
Systemd support is controlled by the cmake variable ENABLE_SYSTEMD, which can
have the values OFF, ON and AUTO, the latter enabling support by default if
the required libraries are available.
With WITH_SYSTEMD_SYSTEMUNITDIR a custom installation location can be specified.
If it is not specified, the related install path is determined from the installed
systemd package, if present.
|
Some editors automatically remove trailing blank lines, or
automatically add a trailing newline to avoid having a trailing
non-blank line that is not terminated by a newline. To avoid unrelated
whitespace changes when users of such editors contribute to dbus,
let's pre-emptively normalize all files.
Unlike more intrusive whitespace normalization like removing trailing
whitespace from each line, this seems unlikely to cause significant
issues with cherry-picking changes to stable branches.
Implemented by:
find . -name '*.[ch]' -print0 | \
xargs -0 perl -0777 -p -i -e 's/\n+\z//g; s/\z/\n/g'
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
Although this error seems to be unused (DBUS_ERROR_NO_MEMORY is used
instead), let's correct the comment.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
MSG_CTRUNC indicates that we have received fewer fds than we should
have done because the buffer was too small, but we were treating it
as though it indicated that we received *no* fds. If we received any,
we still have to make sure we close them, otherwise they will be leaked.
On the system bus, if an attacker can induce us to leak fds in this
way, that's a local denial of service via resource exhaustion.
Reported-by: Kevin Backhouse, GitHub Security Lab
Fixes: dbus#294
Fixes: CVE-2020-12049
Fixes: GHSL-2020-057
|
The former int type leads to warnings.
|
For cleanup purposes the event list members are initialized with
WSA_INVALID_EVENT. The cleanup code detects and handles the
case that the event list has been created from calloc ().
|
The function _dbus_poll() has been split into two functions,
_dbus_poll_events() and _dbus_poll_select(), each containing the
corresponding implementation.
_dbus_poll() now calls the corresponding function.
|
This provides consistent error reporting.
Fixes #191
|
multi-line strings when memory is unavailable on Windows
|
This lets us run a subset of the tests that previously relied on extra
test-only code being compiled into libdbus.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
This avoids unexpected precedence when used as the body of an "if" or
"else" without being wrapped in {}.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
sysdeps: use POSIX poll.h instead of sys/poll.h
See merge request dbus/dbus!148
|
POSIX.1-2001 and POSIX.1-2008 specifies include <poll.h> so use that
rather than the non-standard/legacy include <sys/poll.h>.
This fixes the following warnings when building with musl libc:
1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
| ^~~~~~~
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
|
Use getrandom(2) and fall back to /dev/urandom if it is missing or if it
fails for any reason.
This solves problem where dbus-uuidgen is called from a chroot which
lacks /dev/urandom.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
|
sysdeps-win: Refactor cleanup of struct addrinfo during connect()
See merge request dbus/dbus!145
|
As suggested on !143. Instead of remembering to free it in every error
condition, let's move its cleanup to the "out" phase so that it's done
every time.
Change the iterator variable tmp to be const so that it's obvious we
aren't meant to free that too.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
Remove support for non-POSIX getpwnam_r()
See merge request dbus/dbus!11
|
Solaris 2.3 and 2.4 took their getpwnam_r() signature from draft 6
of the POSIX threads standard. Since Solaris 2.5 (1995), defining
_POSIX_PTHREAD_SEMANTICS opts-in to the non-draft version of
getpwnam_r(), and since Solaris 11.4 (2018), the non-draft version is
the default.
We already use AC_USE_SYSTEM_EXTENSIONS, which defines
_POSIX_PTHREAD_SEMANTICS, among other useful macros.
Thanks to Alan Coopersmith for assistance with Solaris history.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
If we ran out of memory while handling connect() errors, we didn't
free the linked list of struct addrinfo. Move their cleanup to the
"out" phase of the function so that we always do it.
While I'm there, change the iterator variable tmp to be const, to make
it more obvious that we aren't meant to free it.
This is similar to commit 00badeba (!143) in the corresponding Windows
code path, but with some refactoring.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
_dbus_connect_tcp_socket_with_nonce() in OOM case
If there is no more memory available within the mentioned function, e.g.,
when checking memory management, the release of memory allocated by
getaddrinfo() is missing.
Coverity CID: 354880
|
Windows debug port
Instead of creating a fixed memory area on the stack that can lead to
a stack overflow if exceeded, this configuration now uses a DBusString
instance that dynamically manages memory.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/45
|
This doesn't verify that they're atomic, but does verify that they
return the right things.
This commit adds a new test function _dbus_test_check (a) to make
writing tests easier. It checks the given boolean expression and
generates a "not ok" test result if the expression is false.
Due to the current design of the test api, the test is only compiled
if embedded tests were enabled at the time of configuration.
It was also necessary to move the test_atomic target definitions in
test/Makefile.am to the --enable-embedded-tests section to avoid a
make distcheck build error.
The test case itself has been authored by smcv.
Co-authored-by: Simon McVittie <smcv@collabora.com>
|
This needs new atomic primitives: we don't have "set to a value",
and in fact that's a bit annoying to implement in terms of gcc
intrinsics. "Set to 0" and "set to nonzero" are easy, though.
|
Commit 724adb2f6 mangled the dbus_message_append_args() code example.
This fixes it by breaking the lines and aligning at the right places.
Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
|
Break out more tests from libdbus
See merge request dbus/dbus!121
|
All the functions under test turn out to be DBUS_PRIVATE_EXPORT already.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
All the functions under test turn out to be DBUS_PRIVATE_EXPORT already.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
Instead of exposing _dbus_sha_test() as a private exported symbol,
we can expose _dbus_sha_compute(), which is the only thing called by
the test that isn't already exported.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
This lets us expose symbols in the embedded-tests build without
expanding the symbol table of the production library.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
tests: Improve diagnostics for malloc-failure tests
See merge request dbus/dbus!118
|