From ebdee81b8be2be030d568d6d84dc16fd288ddaa7 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 6 Oct 2015 12:43:22 +0100 Subject: [PATCH 1/2] BecomeMonitor: do not overwrite error with another error If the user gave us a syntactically invalid error name, we'd overwrite the MatchRuleInvalid error with NoMemory, causing an assertion failure (crash) in the dbus-daemon. This is not a denial-of-service vulnerability on the system bus, because monitoring is a privileged action, and root privilege is checked before this code is reached. However, it's an annoying bug on the session bus. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92298 --- bus/driver.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/bus/driver.c b/bus/driver.c index 379a47e..852ac53 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -2006,10 +2006,7 @@ bus_driver_handle_become_monitor (DBusConnection *connection, rule = bus_match_rule_parse (connection, &str, error); if (rule == NULL) - { - BUS_SET_OOM (error); - goto out; - } + goto out; /* monitors always eavesdrop */ bus_match_rule_set_client_is_eavesdropping (rule, TRUE); -- 2.6.0