"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "dbus/dbus-sysdeps-unix.c" between
dbus-1.12.16.tar.gz and dbus-1.12.18.tar.gz

About: D-Bus is an inter-process communication (IPC) system, allowing multiple, concurrently-running applications to communicate with one another. D-Bus supplies both a system daemon and a per-user-login-session daemon.

dbus-sysdeps-unix.c  (dbus-1.12.16):dbus-sysdeps-unix.c  (dbus-1.12.18)
skipping to change at line 438 skipping to change at line 438
/* put length back (note that this doesn't actually realloc anything) */ /* put length back (note that this doesn't actually realloc anything) */
_dbus_string_set_length (buffer, start); _dbus_string_set_length (buffer, start);
return -1; return -1;
} }
} }
else else
{ {
struct cmsghdr *cm; struct cmsghdr *cm;
dbus_bool_t found = FALSE; dbus_bool_t found = FALSE;
if (m.msg_flags & MSG_CTRUNC)
{
/* Hmm, apparently the control data was truncated. The bad
thing is that we might have completely lost a couple of fds
without chance to recover them. Hence let's treat this as a
serious error. */
errno = ENOSPC;
_dbus_string_set_length (buffer, start);
return -1;
}
for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
{ {
size_t i; size_t i;
int *payload = (int *) CMSG_DATA (cm); int *payload = (int *) CMSG_DATA (cm);
size_t payload_len_bytes = (cm->cmsg_len - CMSG_LEN (0)); size_t payload_len_bytes = (cm->cmsg_len - CMSG_LEN (0));
size_t payload_len_fds = payload_len_bytes / sizeof (int); size_t payload_len_fds = payload_len_bytes / sizeof (int);
size_t fds_to_use; size_t fds_to_use;
/* Every unsigned int fits in a size_t without truncation, so /* Every unsigned int fits in a size_t without truncation, so
skipping to change at line 504 skipping to change at line 492
CLOEXEC everywhere in any case */ CLOEXEC everywhere in any case */
for (i = 0; i < fds_to_use; i++) for (i = 0; i < fds_to_use; i++)
_dbus_fd_set_close_on_exec(fds[i]); _dbus_fd_set_close_on_exec(fds[i]);
break; break;
} }
if (!found) if (!found)
*n_fds = 0; *n_fds = 0;
if (m.msg_flags & MSG_CTRUNC)
{
unsigned int i;
/* Hmm, apparently the control data was truncated. The bad
thing is that we might have completely lost a couple of fds
without chance to recover them. Hence let's treat this as a
serious error. */
/* We still need to close whatever fds we *did* receive,
* otherwise they'll never get closed. (CVE-2020-12049) */
for (i = 0; i < *n_fds; i++)
close (fds[i]);
*n_fds = 0;
errno = ENOSPC;
_dbus_string_set_length (buffer, start);
return -1;
}
/* put length back (doesn't actually realloc) */ /* put length back (doesn't actually realloc) */
_dbus_string_set_length (buffer, start + bytes_read); _dbus_string_set_length (buffer, start + bytes_read);
#if 0 #if 0
if (bytes_read > 0) if (bytes_read > 0)
_dbus_verbose_bytes_of_string (buffer, start, bytes_read); _dbus_verbose_bytes_of_string (buffer, start, bytes_read);
#endif #endif
return bytes_read; return bytes_read;
} }
 End of changes. 2 change blocks. 
12 lines changed or deleted 20 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)