bus-proxy: properly check for bus name prefixes when enforcing policy

2014-11-14 20:06:01 +01:00 · 2014-11-14 20:06:01 +01:00 · f5d8989ce5
parent 49d4b1eecf
commit f5d8989ce5
3 changed files with 22 additions and 1 deletions
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
        case POLICY_ITEM_OWN_PREFIX:
                assert(filter->name);

-                if (streq(i->name, "*") || startswith(i->name, filter->name))
+                if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
                        return is_permissive(i);
                break;

--- a/src/libsystemd/sd-bus/bus-internal.c
+++ b/src/libsystemd/sd-bus/bus-internal.c
@ -166,6 +166,26 @@ bool service_name_is_valid(const char *p) {
        return true;
 }

+char* service_name_startswith(const char *a, const char *b) {
+        const char *p;
+
+        if (!service_name_is_valid(a) ||
+            !service_name_is_valid(b))
+                return NULL;
+
+        p = startswith(a, b);
+        if (!p)
+                return NULL;
+
+        if (*p == 0)
+                return (char*) p;
+
+        if (*p == '.')
+                return (char*) p + 1;
+
+        return NULL;
+}
+
 bool member_name_is_valid(const char *p) {
        const char *q;

--- a/src/libsystemd/sd-bus/bus-internal.h
+++ b/src/libsystemd/sd-bus/bus-internal.h
@ -340,6 +340,7 @@ struct sd_bus {

 bool interface_name_is_valid(const char *p) _pure_;
 bool service_name_is_valid(const char *p) _pure_;
+char* service_name_startswith(const char *a, const char *b);
 bool member_name_is_valid(const char *p) _pure_;
 bool object_path_is_valid(const char *p) _pure_;
 char *object_path_startswith(const char *a, const char *b) _pure_;