Bug in dbus-sysdeps-unix.c in DBUS 1.2.4
Schmottlach, Glenn
GSchmott at harmanbecker.com
Wed Nov 12 08:19:19 PST 2008
I stumbled across this bug in dbus/dbus-sysdeps-unix.c while porting
DBus to QNX where only LOCAL_CREDS are supported for domain sockets. In
particular, in the function dbus_read_credentials_socket() (@ line
~1218) the code tries to verify that the size of the received
credentials structure is the expected size. Unfortunately, for
LOCAL_CREDS, this is computed incorrectly:
BEFORE:
=======
#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)
  if ( cmsg.hdr.cmsg_len < sizeof(cmsg) || cmsg.hdr.cmsg_type != SCM_CREDS )
For LOCAL_CREDS, this should actually be computed as follows:
AFTER:
======
#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)
#if defined(HAVE_CMSGCRED)
  if ( cmsg.hdr.cmsg_len < sizeof(cmsg) || cmsg.hdr.cmsg_type != SCM_CREDS )
#else
  if ( (cmsg.hdr.cmsg_len < (sizeof(cmsg.hdr) + SOCKCREDSIZE(0))) ||
       (cmsg.hdr.cmsg_type != SCM_CREDS) )
#endif
Running the dbus-daemon as root that has no (zero) supplemental groups,
a simple sizeof(cmsg) is not correct since the sc_groups[1] field of
struct sockcred will NOT be transmitted. Thankfully, the SOCKCREDSIZE
macro in sockets.h computes the correct size (assuming that at a
minimum, no supplemental groups are encoded in the stream).
Could the DBUS maintainers please review this change, and if correct,
apply it to the development branch.
Thanks. . .
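The size mismatch described in the message above, as an added C example that is not part of the original post or the D-Bus source. `struct model_sockcred`, `MODEL_SOCKCREDSIZE`, the `model_cmsg` receive-buffer layout, and the assumption that a sender's `cmsg_len` equals the header size plus `SOCKCREDSIZE(ngroups)` are constructed stand-ins patterned on the BSD-style definitions, so the program builds on systems without LOCAL_CREDS; only the length half of each check is modelled.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Constructed stand-in for a BSD-style struct sockcred (assumed layout). */
struct model_sockcred {
    uid_t sc_uid;        /* real user id */
    uid_t sc_euid;       /* effective user id */
    gid_t sc_gid;        /* real group id */
    gid_t sc_egid;       /* effective group id */
    int   sc_ngroups;    /* number of supplemental groups */
    gid_t sc_groups[1];  /* variable length: only sc_ngroups entries are sent */
};

/* Same arithmetic as a BSD-style SOCKCREDSIZE: drop the one declared slot,
 * then add one gid_t per supplemental group actually present. */
#define MODEL_SOCKCREDSIZE(ngrps) \
    (sizeof(struct model_sockcred) + sizeof(gid_t) * ((size_t)(ngrps) - 1))

/* Assumed shape of the receive buffer named cmsg in the post. */
struct model_cmsg {
    struct cmsghdr hdr;
    struct model_sockcred cred;
};

/* cmsg_len for a peer with ngroups supplemental groups (modelling assumption). */
size_t sent_cmsg_len(size_t ngroups) {
    return sizeof(struct cmsghdr) + MODEL_SOCKCREDSIZE(ngroups);
}

/* Length test from the BEFORE snippet: compares against the full buffer. */
int before_accepts(size_t cmsg_len) {
    return !(cmsg_len < sizeof(struct model_cmsg));
}

/* Length test from the AFTER snippet: minimum is a credential with 0 groups. */
int after_accepts(size_t cmsg_len) {
    return !(cmsg_len < sizeof(struct cmsghdr) + MODEL_SOCKCREDSIZE(0));
}

int main(void) {
    for (size_t n = 0; n <= 2; n++) {
        size_t len = sent_cmsg_len(n);
        printf("groups=%zu cmsg_len=%zu before=%s after=%s\n", n, len,
               before_accepts(len) ? "accept" : "reject",
               after_accepts(len) ? "accept" : "reject");
    }
    return 0;
}
```

A peer with zero supplemental groups falls one `gid_t` short of `sizeof(cmsg)`, so the BEFORE test rejects a well-formed credential message, while the AFTER test still rejects anything shorter than the zero-group minimum.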