rpms/dbus/F-7 dbus-fix-for-cve-2008-0595.patch, NONE, 1.1 dbus.spec, 1.120, 1.121

David Zeuthen (davidz) fedora-extras-commits at redhat.com
Thu Feb 28 04:37:16 UTC 2008


Author: davidz

Update of /cvs/pkgs/rpms/dbus/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6335

Modified Files:
	dbus.spec 
Added Files:
	dbus-fix-for-cve-2008-0595.patch 
Log Message:
* Wed Feb 27 2008 David Zeuthen <davidz at redhat.com> - 1.0.2-7%{?dist}
- CVE-2008-0595



dbus-fix-for-cve-2008-0595.patch:

--- NEW FILE dbus-fix-for-cve-2008-0595.patch ---
diff --git a/bus/policy.c b/bus/policy.c
index 383b2b1..caa544e 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -942,9 +942,19 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
       
       if (rule->d.send.interface != NULL)
         {
-          if (dbus_message_get_interface (message) != NULL &&
-              strcmp (dbus_message_get_interface (message),
-                      rule->d.send.interface) != 0)
+          /* The interface is optional in messages. For allow rules, if the message
+           * has no interface we want to skip the rule (and thus not allow);
+           * for deny rules, if the message has no interface we want to use the
+           * rule (and thus deny).
+           */
+          dbus_bool_t no_interface;
+
+          no_interface = dbus_message_get_interface (message) == NULL;
+          
+          if ((no_interface && rule->allow) ||
+              (!no_interface && 
+               strcmp (dbus_message_get_interface (message),
+                       rule->d.send.interface) != 0))
             {
               _dbus_verbose ("  (policy) skipping rule for different interface\n");
               continue;
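Review bot: The skip branch now also fires when the message carries no interface and the rule is an allow rule, yet the `_dbus_verbose` text under it still reads "skipping rule for different interface", which will mislead anyone tracing a policy decision in the verbose log. Consider wording such as `_dbus_verbose ("  (policy) skipping rule: interface absent or different\n");`. The condition also calls `dbus_message_get_interface (message)` up to three times; reading it once into `const char *iface = dbus_message_get_interface (message);` and testing `iface == NULL` would make the separate `no_interface` flag unnecessary. The same applies to the second hunk, in bus_client_policy_check_can_receive. Both function bodies continue outside the hunks.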
@@ -1128,9 +1138,19 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
       
       if (rule->d.receive.interface != NULL)
         {
-          if (dbus_message_get_interface (message) != NULL &&
-              strcmp (dbus_message_get_interface (message),
-                      rule->d.receive.interface) != 0)
+          /* The interface is optional in messages. For allow rules, if the message
+           * has no interface we want to skip the rule (and thus not allow);
+           * for deny rules, if the message has no interface we want to use the
+           * rule (and thus deny).
+           */
+          dbus_bool_t no_interface;
+
+          no_interface = dbus_message_get_interface (message) == NULL;
+          
+          if ((no_interface && rule->allow) ||
+              (!no_interface &&
+               strcmp (dbus_message_get_interface (message),
+                       rule->d.receive.interface) != 0))
             {
               _dbus_verbose ("  (policy) skipping rule for different interface\n");
               continue;
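Review bot: The interface test added here is a line-for-line copy of the one added to bus_client_policy_check_can_send, differing only in `rule->d.receive.interface`. In policy code, two copies that later drift apart would leave send and receive enforcing different rules for interface-less messages. A small static helper taking the message, the rule's interface string and `rule->allow` would keep the allow/deny decision in one place. The helper name below is illustrative, and the enclosing function starts and ends outside the hunk.

```c
/* TRUE if a rule that names rule_interface must be skipped for message. */
static dbus_bool_t
rule_interface_mismatch (DBusMessage *message,
                         const char  *rule_interface,
                         dbus_bool_t  is_allow_rule)
{
  const char *iface = dbus_message_get_interface (message);

  if (iface == NULL)
    return is_allow_rule;   /* allow rules are skipped, deny rules still apply */

  return strcmp (iface, rule_interface) != 0;
}

/* ... unchanged: rule loop in bus_client_policy_check_can_receive ... */
          if (rule_interface_mismatch (message, rule->d.receive.interface, rule->allow))
```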


Index: dbus.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dbus/F-7/dbus.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- dbus.spec	22 Jun 2007 19:37:39 -0000	1.120
+++ dbus.spec	28 Feb 2008 04:36:23 -0000	1.121
@@ -8,7 +8,7 @@
 Summary: D-BUS message bus
 Name: dbus
 Version: 1.0.2 
-Release: 6%{?dist}
+Release: 7%{?dist}
 URL: http://www.freedesktop.org/software/dbus/
 Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
 Source1: doxygen_to_devhelp.xsl
@@ -37,6 +37,8 @@
 Patch2: dbus-0.92-audit-system.patch
 Patch4: dbus-1.0.1-generate-xml-docs.patch
 Patch5: dbus-1.0.2-selinux.patch
+# CVE-2008-0595
+Patch6: dbus-fix-for-cve-2008-0595.patch
 
 %description
 
@@ -73,6 +75,7 @@
 %patch2 -p1 -b .audit_system
 %patch4 -p1 -b .generate-xml-docs
 %patch5 -p1 -b .selinux-send-to-audit
+%patch6 -p1 -b .cve-2008-0595
 
 autoreconf -f -i
 
@@ -189,6 +192,9 @@
 %{_datadir}/devhelp/books/dbus
 
 %changelog
+* Wed Feb 27 2008 David Zeuthen <davidz at redhat.com> - 1.0.2-7%{?dist}
+- CVE-2008-0595
+
 * Fri Jun 22 2007 Matthias Clasen <mclasen at redhat.com> - 1.0.2-6
 - Don't require libxml-python needlessly (#245300)
 



