glib2/backport-gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a-well-known-name.patch

From d7c91ea7a5574e8d068b50c85350ee47c1ec5117 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Wed, 8 May 2024 10:09:40 +0100
Subject: [PATCH 1/2] gdbusconnection: Allow name owners to have the syntax of
 a well-known name

In a D-Bus-Specification-compliant message bus, the owner of a well-known
name is a unique name. However, ibus has its own small implementation
of a message bus (src/ibusbus.c) in which org.freedesktop.IBus is
special-cased to also have itself as its owner (like org.freedesktop.DBus
on a standard message bus), and connects to that bus with the
G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION flag. The ability to do
this regressed when CVE-2024-34397 was fixed.

Relax the checks to allow the owner of a well-known name to be any valid
D-Bus name, even if it is not syntactically a unique name.

Fixes: 683b14b9 "gdbus: Track name owners for signal subscriptions"
Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3353
Bug-Debian: https://bugs.debian.org/1070730
Bug-Debian: https://bugs.debian.org/1070736
Bug-Debian: https://bugs.debian.org/1070743
Bug-Debian: https://bugs.debian.org/1070745
Signed-off-by: Simon McVittie <smcv@debian.org>
---
 gio/gdbusconnection.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
index ee994cecc5..fcbdffa23f 100644
--- a/gio/gdbusconnection.c
+++ b/gio/gdbusconnection.c
@@ -2380,7 +2380,7 @@ name_watcher_deliver_name_owner_changed_unlocked (SignalData *name_watcher,
       /* Our caller already checked this */
       g_assert (g_strcmp0 (name_watcher->arg0, name) == 0);
 
-      if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_unique_name (new_owner)))
+      if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_name (new_owner)))
         name_watcher_set_name_owner_unlocked (name_watcher, new_owner);
       else
         g_warning ("Received NameOwnerChanged signal with invalid owner \"%s\" for \"%s\"",
@@ -2432,7 +2432,7 @@ name_watcher_deliver_get_name_owner_reply_unlocked (SignalData *name_watcher,
 
       g_variant_get (body, "(&s)", &new_owner);
 
-      if (G_LIKELY (g_dbus_is_unique_name (new_owner)))
+      if (G_LIKELY (g_dbus_is_name (new_owner)))
         name_watcher_set_name_owner_unlocked (name_watcher, new_owner);
       else
         g_warning ("Received GetNameOwner reply with invalid owner \"%s\" for \"%s\"",
-- 
GitLab


From dd3b2f8a5fb7397dc68d89ee48d60993eda36c43 Mon Sep 17 00:00:00 2001
From: Philip Withnall <philip@tecnocode.co.uk>
Date: Wed, 8 May 2024 14:31:12 +0000
Subject: [PATCH 2/2] Apply 2 suggestion(s) to 1 file(s)

---
 gio/gdbusconnection.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
index fcbdffa23f..72e58fd77d 100644
--- a/gio/gdbusconnection.c
+++ b/gio/gdbusconnection.c
@@ -2380,6 +2380,9 @@ name_watcher_deliver_name_owner_changed_unlocked (SignalData *name_watcher,
       /* Our caller already checked this */
       g_assert (g_strcmp0 (name_watcher->arg0, name) == 0);
 
+      /* FIXME: This should be validating that `new_owner` is a unique name,
+       * but IBus’ implementation of a message bus is not compliant with the spec.
+       * See https://gitlab.gnome.org/GNOME/glib/-/issues/3353 */
       if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_name (new_owner)))
         name_watcher_set_name_owner_unlocked (name_watcher, new_owner);
       else
@@ -2432,6 +2435,9 @@ name_watcher_deliver_get_name_owner_reply_unlocked (SignalData *name_watcher,
 
       g_variant_get (body, "(&s)", &new_owner);
 
+      /* FIXME: This should be validating that `new_owner` is a unique name,
+       * but IBus’ implementation of a message bus is not compliant with the spec.
+       * See https://gitlab.gnome.org/GNOME/glib/-/issues/3353 */
       if (G_LIKELY (g_dbus_is_name (new_owner)))
         name_watcher_set_name_owner_unlocked (name_watcher, new_owner);
       else
-- 
GitLab