rpms
/
dbus-broker
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add coverage for CVE-2022-31213 and other config-file-related issues

This commit is contained in:
Frantisek Sumsal 2022-08-22 18:07:11 +02:00 committed by Stepan Oksanichenko
parent e0e597a849
commit c6e4bda7ac
3 changed files with 164 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.dbus-broker.metadata Normal file
View File

@ -0,0 +1 @@
2602b87b336875bc1fd6866004f16013e6cf3fe4 dbus-broker-28.tar.xz

155
33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch Normal file
View File

@ -0,0 +1,155 @@
From 33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25 Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Thu, 5 May 2022 10:50:31 +0200
Subject: [PATCH] test-config: add tests for some config samples
Add infrastructure to easily parse config-samples in our test. This
allows us to add any reports about broken configurations easily, and
making sure we will not run into the same issues again.
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
src/launch/test-config.c | 97 +++++++++++++++++++++++++++++++++++++---
1 file changed, 91 insertions(+), 6 deletions(-)
diff --git a/src/launch/test-config.c b/src/launch/test-config.c
index 0401a434..c2f8765e 100644
--- a/src/launch/test-config.c
+++ b/src/launch/test-config.c
@@ -9,6 +9,7 @@
#include "launch/config.h"
#include "launch/nss-cache.h"
#include "util/dirwatch.h"
+#include "util/syscall.h"
static const char *test_type2str[_CONFIG_NODE_N] = {
[CONFIG_NODE_BUSCONFIG] = "busconfig",
@@ -35,12 +36,23 @@ static const char *test_type2str[_CONFIG_NODE_N] = {
[CONFIG_NODE_ASSOCIATE] = "associate",
};
-static void print_config(const char *path) {
+static int config_memfd(const char *data) {
+ ssize_t n;
+ int fd;
+
+ fd = syscall_memfd_create("dbus-broker-test-config", 0);
+ c_assert(fd >= 0);
+ n = write(fd, data, strlen(data));
+ c_assert(n == (ssize_t)strlen(data));
+
+ return fd;
+}
+
+static int parse_config(ConfigRoot **rootp, const char *path) {
_c_cleanup_(config_parser_deinit) ConfigParser parser = CONFIG_PARSER_NULL(parser);
_c_cleanup_(config_root_freep) ConfigRoot *root = NULL;
_c_cleanup_(nss_cache_deinit) NSSCache nss_cache = NSS_CACHE_INIT;
_c_cleanup_(dirwatch_freep) Dirwatch *dirwatch = NULL;
- ConfigNode *i_node;
int r;
r = dirwatch_new(&dirwatch);
@@ -49,6 +61,32 @@ static void print_config(const char *path) {
config_parser_init(&parser);
r = config_parser_read(&parser, &root, path, &nss_cache, dirwatch);
+ if (r)
+ return r;
+
+ *rootp = root;
+ root = NULL;
+ return 0;
+}
+
+static int parse_config_inline(ConfigRoot **rootp, const char *data) {
+ _c_cleanup_(c_closep) int fd = -1;
+ _c_cleanup_(c_freep) char *path = NULL;
+ int r;
+
+ fd = config_memfd(data);
+ r = asprintf(&path, "/proc/self/fd/%d", fd);
+ c_assert(r > 0);
+
+ return parse_config(rootp, path);
+}
+
+static void print_config(const char *path) {
+ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL;
+ ConfigNode *i_node;
+ int r;
+
+ r = parse_config(&root, path);
c_assert(!r);
c_list_for_each_entry(i_node, &root->node_list, root_link) {
@@ -56,18 +94,65 @@ static void print_config(const char *path) {
}
}
-static void test_config(void) {
+static void test_config_base(void) {
_c_cleanup_(config_parser_deinit) ConfigParser parser = CONFIG_PARSER_NULL(parser);
config_parser_init(&parser);
config_parser_deinit(&parser);
}
+static void test_config_sample0(void) {
+ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL;
+ const char *data;
+ int r;
+
+ data =
+"<?xml version=\"1.0\"?> <!--*-nxml-*-->\
+<!DOCTYPE g PUBLIC \"-/N\"\
+ \"htt\">\
+<busconfig>\
+ <policy user=\"root\">\
+ <allow own_prefix=\"oramd\"/>\
+ <allow send_interface=\"d\"/>\
+ </policy>\
+ <user ix=\"d\"/>\
+ </cy>";
+
+ r = parse_config_inline(&root, data);
+ c_assert(r == CONFIG_E_INVALID);
+}
+
+static void test_config_sample1(void) {
+ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL;
+ const char *data;
+ int r;
+
+ data =
+"<?xml version=\"1.0\"?> <!--*-nxml-*-->\
+<!DOCTYPE g PUBLIC \"-/N\"\
+ \"htt\">\
+<busconfig>\
+ <policy user=\"root\">\
+ <allow own_prefix=\"oramd\"/>\
+ <allow send_interface=\"d\"/>\
+ </policy>\
+ <policy context=\"default\"/> <user ix=\"d\"/>\
+ </policy>\
+</busconfig>";
+
+ r = parse_config_inline(&root, data);
+ c_assert(r == CONFIG_E_INVALID);
+}
+
int main(int argc, char **argv) {
- if (argc < 2)
- test_config();
- else
+ if (argc > 1) {
print_config(argv[1]);
+ return 0;
+ }
+
+ test_config_base();
+ test_config_sample0();
+ test_config_sample1();
return 0;
}

11
dbus-broker.spec
View File

@ -2,15 +2,16 @@
Name: dbus-broker
Version: 28
Release: 6%{?dist}
Release: 7%{?dist}
Summary: Linux D-Bus Message Broker
License: ASL 2.0
URL: https://github.com/bus1/dbus-broker
Source0: https://github.com/bus1/dbus-broker/releases/download/v%{version}/dbus-broker-%{version}.tar.xz
Patch0000: https://github.com/bus1/dbus-broker/commit/1add8a7d60e46806e0ef87994d3024245db0d84a.patch
Patch0001: https://github.com/bus1/dbus-broker/commit/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch
Patch0002: cve-2022-31212.patch
Patch0003: cve-2022-31213.patch
Patch0002: cve-2022-31212.patch
Patch0003: cve-2022-31213.patch
Patch0004: https://github.com/bus1/dbus-broker/commit/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch
%{?systemd_requires}
BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(expat)
@ -97,6 +98,10 @@ fi
%{_userunitdir}/dbus-broker.service
%changelog
* Mon Aug 22 2022 Frantisek Sumsal <fsumsal@redhat.com> - 28-7
- Add coverage for CVE-2022-31213 and other config-file-related issues
Related: CVE-2022-31213
* Tue Aug 02 2022 Jakub Martisko <jamartis@redhat.com> - 28-6
- Fix a stack buffer over-read in the c-shquote library
- Fix null pointer reference when supplying a malformed XML config file