File ibus-CVE-2019-14822.patch of Package ibus.12520
diff -Nura ibus-1.5.8/bus/server.c ibus-1.5.8_new/bus/server.c
--- ibus-1.5.8/bus/server.c 2014-07-24 12:24:25.000000000 +0800
+++ ibus-1.5.8_new/bus/server.c 2019-09-12 03:16:50.821381266 +0800
@@ -70,16 +70,64 @@
 }
 
 /**
- * bus_new_connection_cb:
- * @user_data: always NULL.
- * @returns: TRUE when the function can handle the connection.
- *
- * Handle incoming connections.
- */
+ * bus_allow_mechanism_cb:
+ * @observer: A #GDBusAuthObserver.
+ * @mechanism: The name of the mechanism.
+ * @user_data: always %NULL.
+ *
+ * Check if @mechanism can be used to authenticate the other peer.
+ * Returns: %TRUE if the peer's mechanism is allowed.
+ */
 static gboolean
-bus_new_connection_cb (GDBusServer *server,
- GDBusConnection *dbus_connection,
- gpointer user_data)
+bus_allow_mechanism_cb (GDBusAuthObserver *observer,
+ const gchar *mechanism,
+ G_GNUC_UNUSED gpointer user_data)
+{
+ if (g_strcmp0 (mechanism, "EXTERNAL") == 0)
+ return TRUE;
+ return FALSE;
+}
+
+/**
+ * bus_authorize_authenticated_peer_cb:
+ * @observer: A #GDBusAuthObserver.
+ * @stream: A #GIOStream.
+ * @credentials: A #GCredentials.
+ * @user_data: always %NULL.
+ *
+ * Check if a peer who has already authenticated should be authorized.
+ * Returns: %TRUE if the peer's credential is authorized.
+ */
+static gboolean
+bus_authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
+ GIOStream *stream,
+ GCredentials *credentials,
+ G_GNUC_UNUSED gpointer user_data)
+{
+ gboolean authorized = FALSE;
+ if (credentials) {
+ GCredentials *own_credentials = g_credentials_new ();
+ if (g_credentials_is_same_user (credentials, own_credentials, NULL))
+ authorized = TRUE;
+ g_object_unref (own_credentials);
+ }
+ return authorized;
+}
+
+/**
+ * bus_new_connection_cb:
+ * @observer: A #GDBusAuthObserver.
+ * @dbus_connection: A #GDBusconnection.
+ * @user_data: always %NULL.
+ *
+ * Handle incoming connections.
+ * Returns: %TRUE when the function can handle the connection.
+ */
+static gboolean
+bus_new_connection_cb (GDBusServer *server,
+ GDBusConnection *dbus_connection,
+ G_GNUC_UNUSED gpointer user_data)
+
 {
 BusConnection *connection = bus_connection_new (dbus_connection);
 bus_dbus_impl_new_connection (dbus, connection);
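Review bot: `bus_authorize_authenticated_peer_cb` rejects a peer silently: `g_credentials_is_same_user (credentials, own_credentials, NULL)` discards the `GError`, and nothing is logged when `authorized` stays `FALSE`. The check fails closed, which is the right default, but a refused connection from another user is the event this fix exists to stop and is worth one log line, e.g. `if (!authorized) g_warning ("Rejected D-Bus peer: credentials missing or not the daemon's user");` before the `return`. The new doc comment for `bus_new_connection_cb` also names `@observer: A #GDBusAuthObserver.` while the first parameter is `GDBusServer *server`, and `#GDBusconnection` should be `#GDBusConnection`. The body of `bus_new_connection_cb` continues past the end of this hunk.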
@@ -93,25 +141,85 @@
 return TRUE;
 }
 
+static void
+_server_connect_start_portal_cb (GObject *source_object,
+ GAsyncResult *res,
+ G_GNUC_UNUSED gpointer user_data)
+{
+ GVariant *result;
+ GError *error = NULL;
+
+ result = g_dbus_connection_call_finish (G_DBUS_CONNECTION (source_object),
+ res,
+ &error);
+ if (result != NULL) {
+ g_variant_unref (result);
+ } else {
+ g_print ("portal is not running: %s\n", error->message);
+ g_error_free (error);
+ }
+}
+
+static void
+bus_acquired_handler (GDBusConnection *connection,
+ const gchar *name,
+ G_GNUC_UNUSED gpointer user_data)
+{
+ g_dbus_connection_call (connection,
+ IBUS_SERVICE_PORTAL,
+ IBUS_PATH_IBUS,
+ "org.freedesktop.DBus.Peer",
+ "Ping",
+ g_variant_new ("()"),
+ G_VARIANT_TYPE ("()"),
+ G_DBUS_CALL_FLAGS_NONE,
+ -1,
+ NULL /* cancellable */,
+ (GAsyncReadyCallback)
+ _server_connect_start_portal_cb,
+ NULL);
+}
+
 void
 bus_server_init (void)
 {
+ GError *error = NULL;
+ GDBusServerFlags flags = G_DBUS_SERVER_FLAGS_NONE;
+ gchar *guid;
+ GDBusAuthObserver *observer;
+
 dbus = bus_dbus_impl_get_default ();
 ibus = bus_ibus_impl_get_default ();
 bus_dbus_impl_register_object (dbus, (IBusService *)ibus);
 
 /* init server */
- GDBusServerFlags flags = G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS;
- gchar *guid = g_dbus_generate_guid ();
+ guid = g_dbus_generate_guid ();
+ observer = g_dbus_auth_observer_new ();
+ if (!g_str_has_prefix (g_address, "unix:tmpdir=")) {
+ g_error ("Your socket address does not have the format unix:tmpdir=$DIR; %s",
+ g_address);
+ }
 server = g_dbus_server_new_sync (
 g_address, /* the place where the socket file lives, e.g. /tmp, abstract namespace, etc. */
 flags, guid,
- NULL /* observer */,
+ observer,
 NULL /* cancellable */,
- NULL /* error */);
+ &error);
+ if (server == NULL) {
+ g_error ("g_dbus_server_new_sync() is failed with address %s "
+ "and guid %s: %s",
+ g_address, guid, error->message);
+ }
 g_free (guid);
 
 g_signal_connect (server, "new-connection", G_CALLBACK (bus_new_connection_cb), NULL);
+ g_signal_connect (observer, "allow-mechanism",
+ G_CALLBACK (bus_allow_mechanism_cb), NULL);
+ g_signal_connect (observer, "authorize-authenticated-peer",
+ G_CALLBACK (bus_authorize_authenticated_peer_cb), NULL);
+ g_object_unref (observer);
+ g_signal_connect (server, "new-connection",
+ G_CALLBACK (bus_new_connection_cb), NULL);
 
 g_dbus_server_start (server);
 
@@ -123,8 +231,10 @@
 ibus_write_address (address);
 
 /* own a session bus name so that third parties can easily track our life-cycle */
- g_bus_own_name (G_BUS_TYPE_SESSION, IBUS_SERVICE_IBUS, G_BUS_NAME_OWNER_FLAGS_NONE,
- NULL, NULL, NULL, NULL, NULL);
+ g_bus_own_name (G_BUS_TYPE_SESSION, IBUS_SERVICE_IBUS,
+ G_BUS_NAME_OWNER_FLAGS_NONE,
+ bus_acquired_handler,
+ NULL, NULL, NULL, NULL);
 }
 
 const gchar *
diff -Nura ibus-1.5.8/src/ibusshare.h ibus-1.5.8_new/src/ibusshare.h
--- ibus-1.5.8/src/ibusshare.h 2014-07-24 12:24:26.000000000 +0800
+++ ibus-1.5.8_new/src/ibusshare.h 2019-09-12 03:18:23.299243150 +0800
@@ -52,6 +52,13 @@
 #define IBUS_SERVICE_IBUS "org.freedesktop.IBus"
 
 /**
+ * IBUS_SERVICE_PORTAL:
+ *
+ * Address of IBus portalservice.
+ */
+#define IBUS_SERVICE_PORTAL "org.freedesktop.portal.IBus"
+
+/**
  * IBUS_SERVICE_PANEL:
  *
  * Address of IBus panel service.
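Review bot: In `bus_server_init` (bus/server.c, second hunk) `bus_new_connection_cb` ends up connected to `"new-connection"` twice: the original one-line `g_signal_connect (server, "new-connection", G_CALLBACK (bus_new_connection_cb), NULL);` survives as context and the hunk adds a two-line copy after `g_object_unref (observer);`. The handler creates a `BusConnection` and hands it to `bus_dbus_impl_new_connection`, so running it twice for one `GDBusConnection` would register the peer twice; the second call is probably suppressed because the handler returns `TRUE`, but that depends on how the signal accumulates return values. Drop the added pair and keep the existing line. `bus_server_init` continues beyond this hunk.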