diff options
author | Simon McVittie <smcv@collabora.com> | 2024-03-08 19:53:22 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2024-05-01 13:42:27 +0100 |
commit | f6d1b5471ae92b5c22cb031db8cbc81e3722b9b9 (patch) | |
tree | d9fd9bc47302550bc7d4e0af4f1b562875435c5e | |
parent | fc0ee9207281bb5369c2e346606d3e321e5036ff (diff) | |
download | glib-f6d1b5471ae92b5c22cb031db8cbc81e3722b9b9.tar.gz |
tests: Add a test for signal filtering by well-known name
The vulnerability reported as GNOME/glib#3268 can be characterized
as: these signals from an attacker should not be delivered to either
the GDBusConnection or the GDBusProxy, but in fact they are (in at
least some scenarios).
Reproduces: https://gitlab.gnome.org/GNOME/glib/-/issues/3268
Signed-off-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- | gio/tests/gdbus-subscribe.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/gio/tests/gdbus-subscribe.c b/gio/tests/gdbus-subscribe.c index 171d6107d..5406ba7e2 100644 --- a/gio/tests/gdbus-subscribe.c +++ b/gio/tests/gdbus-subscribe.c @@ -441,6 +441,33 @@ static const TestPlan plan_limit_by_well_known_name = }, }, { + /* Attacker wants to trick subscriber into thinking that service + * sent a signal */ + .action = TEST_ACTION_EMIT_SIGNAL, + .u.signal = { + .sender = TEST_CONN_ATTACKER, + .path = EXAMPLE_PATH, + .iface = EXAMPLE_INTERFACE, + .member = FOO_SIGNAL, + .received_by_conn = 0, + .received_by_proxy = 0 + }, + }, + { + /* Attacker tries harder, by sending a signal unicast directly to + * the subscriber */ + .action = TEST_ACTION_EMIT_SIGNAL, + .u.signal = { + .sender = TEST_CONN_ATTACKER, + .unicast_to = TEST_CONN_SUBSCRIBER, + .path = EXAMPLE_PATH, + .iface = EXAMPLE_INTERFACE, + .member = FOO_SIGNAL, + .received_by_conn = 0, + .received_by_proxy = 0 + }, + }, + { /* When the service sends a signal with the name it already owns, * it should get through */ .action = TEST_ACTION_EMIT_SIGNAL, |