diff --git a/backport-Do-not-crash-when-reloading-configuration.patch b/backport-Do-not-crash-when-reloading-configuration.patch new file mode 100644 index 0000000000000000000000000000000000000000..bf4802fbf35c583ec7f009570635ba0e1fa1e230 --- /dev/null +++ b/backport-Do-not-crash-when-reloading-configuration.patch @@ -0,0 +1,66 @@ +From c3b1e4daa5b0ed5729f0f12bc6a3ba50a391f7f6 Mon Sep 17 00:00:00 2001 +From: hongjinghao +Date: Thu, 4 Jan 2024 15:15:53 +0800 +Subject: [PATCH] Do not crash when reloading configuration with > 128 dirs + +When `dbus-daemon` sets more than 128 directories for `XDG_DATA_DIRS`, +none of the elements in `new_dirs` will be `NULL`, which resulted in +these loops reading out-of-bounds (undefined behaviour). In practice +this led to a crash. + +To avoid this, make sure to stop iteration at the end of the array. + +[smcv: Expanded commit message] +Resolves: dbus/dbus#481 +--- + bus/dir-watch-inotify.c | 4 ++-- + bus/dir-watch-kqueue.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/bus/dir-watch-inotify.c b/bus/dir-watch-inotify.c +index 77b2d5a92..4f269777f 100644 +--- a/bus/dir-watch-inotify.c ++++ b/bus/dir-watch-inotify.c +@@ -131,7 +131,7 @@ _set_watched_dirs_internal (BusContext *context, + /* Look for directories in both the old and new sets, if + * we find one, move its data into the new set. + */ +- for (i = 0; new_dirs[i]; i++) ++ for (i = 0; i < MAX_DIRS_TO_WATCH && new_dirs[i]; i++) + { + for (j = 0; j < num_wds; j++) + { +@@ -160,7 +160,7 @@ _set_watched_dirs_internal (BusContext *context, + } + } + +- for (i = 0; new_dirs[i]; i++) ++ for (i = 0; i < MAX_DIRS_TO_WATCH && new_dirs[i]; i++) + { + if (new_wds[i] == -1) + { +diff --git a/bus/dir-watch-kqueue.c b/bus/dir-watch-kqueue.c +index b419606e3..07b505c99 100644 +--- a/bus/dir-watch-kqueue.c ++++ b/bus/dir-watch-kqueue.c +@@ -235,7 +235,7 @@ bus_set_watched_dirs (BusContext *context, DBusList **directories) + /* Look for directories in both the old and new sets, if + * we find one, move its data into the new set. + */ +- for (i = 0; new_dirs[i]; i++) ++ for (i = 0; i < MAX_DIRS_TO_WATCH && new_dirs[i]; i++) + { + for (j = 0; j < num_fds; j++) + { +@@ -264,7 +264,7 @@ bus_set_watched_dirs (BusContext *context, DBusList **directories) + } + } + +- for (i = 0; new_dirs[i]; i++) ++ for (i = 0; i < MAX_DIRS_TO_WATCH && new_dirs[i]; i++) + { + if (new_fds[i] == -1) + { +-- +GitLab + diff --git a/backport-bus-dir-watch-Do-not-crash-with-128-dirs.patch b/backport-bus-dir-watch-Do-not-crash-with-128-dirs.patch new file mode 100644 index 0000000000000000000000000000000000000000..d3fa0ccfd9292ac0ac650e14778bc037fe17bdf5 --- /dev/null +++ b/backport-bus-dir-watch-Do-not-crash-with-128-dirs.patch @@ -0,0 +1,64 @@ +From b551b3e9737958216a1a9d359150a4110a9d0549 Mon Sep 17 00:00:00 2001 +From: Jan Tojnar +Date: Wed, 20 Apr 2022 11:07:25 +0200 +Subject: [PATCH] bus/dir-watch: Do not crash with > 128 dirs + +Without this running, dbus-daemon with long XDG_DATA_DIRS +will crash on out-of-bounds write: + + $ XDG_DATA_DIRS=$(seq -f "/foo/%g" -s ':' 129) dbus-daemon --session + *** stack smashing detected ***: terminated +--- + bus/dir-watch-inotify.c | 7 ++++++- + bus/dir-watch-kqueue.c | 7 ++++++- + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/bus/dir-watch-inotify.c b/bus/dir-watch-inotify.c +index b52a24c0f..9beadb0ec 100644 +--- a/bus/dir-watch-inotify.c ++++ b/bus/dir-watch-inotify.c +@@ -108,12 +108,17 @@ _set_watched_dirs_internal (DBusList **directories) + + i = 0; + link = _dbus_list_get_first_link (directories); +- while (link != NULL) ++ while (link != NULL && i < MAX_DIRS_TO_WATCH) + { + new_dirs[i++] = (char *)link->data; + link = _dbus_list_get_next_link (directories, link); + } + ++ if (link != NULL) ++ { ++ _dbus_warn ("Too many directories to watch them all, only watching first %d.", MAX_DIRS_TO_WATCH); ++ } ++ + /* Look for directories in both the old and new sets, if + * we find one, move its data into the new set. + */ +diff --git a/bus/dir-watch-kqueue.c b/bus/dir-watch-kqueue.c +index 183db241c..15519fcb5 100644 +--- a/bus/dir-watch-kqueue.c ++++ b/bus/dir-watch-kqueue.c +@@ -218,12 +218,17 @@ bus_set_watched_dirs (BusContext *context, DBusList **directories) + + i = 0; + link = _dbus_list_get_first_link (directories); +- while (link != NULL) ++ while (link != NULL && i < MAX_DIRS_TO_WATCH) + { + new_dirs[i++] = (char *)link->data; + link = _dbus_list_get_next_link (directories, link); + } + ++ if (link != NULL) ++ { ++ _dbus_warn ("Too many directories to watch them all, only watching first %d.", MAX_DIRS_TO_WATCH); ++ } ++ + /* Look for directories in both the old and new sets, if + * we find one, move its data into the new set. + */ +-- +GitLab + diff --git a/dbus.spec b/dbus.spec index 53bda305e2e5d1c14cedfb501adb8200ad0c8e9b..b4deb157961d5e9da52991900588c1b79da1056f 100644 --- a/dbus.spec +++ b/dbus.spec @@ -1,7 +1,7 @@ Name: dbus Epoch: 1 Version: 1.12.16 -Release: 22 +Release: 23 Summary: System Message Bus License: AFLv3.0 or GPLv2+ URL: http://www.freedesktop.org/Software/dbus/ @@ -35,6 +35,8 @@ Patch6016: backport-test-Add-a-targeted-test-for-_dbus_unix_groups_from_.patch Patch6017: backport-userdb-Add-proper-error-reporting-when-getting-group.patch Patch6018: backport-bus-Don-t-crash-if-bus_context_create_client_policy-.patch Patch6019: backport-bus-When-failing-to-reload-client-policy-continue-it.patch +Patch6020: backport-bus-dir-watch-Do-not-crash-with-128-dirs.patch +Patch6021: backport-Do-not-crash-when-reloading-configuration.patch BuildRequires: systemd-devel expat-devel libselinux-devel audit-libs-devel doxygen xmlto cmake BuildRequires: autoconf-archive libtool libX11-devel libcap-ng-devel libxslt gdb @@ -248,6 +250,10 @@ fi %exclude %{_pkgdocdir}/README %changelog +* Thu Jul 11 2024 hongjinghao - 1:1.12.16-23 +- add backport-bus-dir-watch-Do-not-crash-with-128-dirs.patch +backport-Do-not-crash-when-reloading-configuration.patch + * Thu Sep 7 2023 hongjinghao - 1:1.12.16-22 - Sync patches from dbus community