Closed mrc0mmand closed 2 years ago
I have a feeling the dbus daemons don't want us going all medieval on other dbus clients :-)
I somehow keep forgetting that dfuzzer
doesn't test PID1 with its own dbus socket and all the messages go through dbus-(broker|daemon)
:-) dbus-broker
should be covered by https://github.com/google/oss-fuzz/pull/7870 eventually.
I think normal signatures should be good enough then. The current limits are in line with https://github.com/c-util/c-dvar/blob/main/src/c-dvar.h#L33 so they should reach dbus services in most cases on distributions shipping dbus-broker
. In theory dbus-daemon
should probably impose the same limits but I'm not sure.
Generally I think there should be a test or something like that that would look for those "Peer :1.34 is being disconnected" messages. If it could find them it would mean that dfuzzer
can't get past dbus-broker
and some functions should be adjusted to unleash it on services it's supposed to test instead of dbus-broker
.
I think normal signatures should be good enough then. The current limits are in line with https://github.com/c-util/c-dvar/blob/main/src/c-dvar.h#L33 so they should reach dbus services in most cases on distributions shipping
dbus-broker
. In theorydbus-daemon
should probably impose the same limits but I'm not sure.
Looks like it does:
As for the nest levels/recursion, our code might right now generate some invalid signatures, due to this restriction:
The maximum depth of container type nesting is 32 array type codes and 32 open parentheses. This implies that the maximum total depth of recursion is 64, for an "array of array of array of ... struct of struct of struct of ..." where there are 32 array and 32 struct.
https://dbus.freedesktop.org/doc/dbus-specification.html#container-types (section Valid signatures)
Even though, theoretically, the maximum depth is 64, it's only one specific corner case. dbus-daemon
handles this according to the spec:
https://github.com/freedesktop/dbus/blob/1aed6933c70eaed81ecfb079b455c6197cdfe296/dbus/dbus-protocol.h#L222-L227 https://github.com/freedesktop/dbus/blob/ef55a3db0d8f17848f8a579092fb05900cc076f5/dbus/dbus-marshal-validate.c#L51
but dbus-broker
appears to be a bit more lenient (or at least the c-dvar
library is, maybe dbus-broker
checks are stricter):
https://github.com/c-util/c-dvar/blob/fdfe98534012309c082b94014a2074a6f62dbe9b/src/c-dvar.h#L46-L61
As for the nest levels/recursion, our code might right now generate some invalid signatures
I think it would be easier to catch that if dfuzzer
didn't ignore the "The connection is closed" errors. Looking at
[CONNECTED TO PID: 1]
Object: /
Interface: org.freedesktop.DBus.Properties
Method: Set (ssv) => 1 iterations
EXCE Set - D-Bus exception thrown: The connection is closed
-- Signature: (ssv)
-- Value: ('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', <(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((uint32 0, @a{ui} {}),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),),)>)
PASS [M] Set
Exit status: 0
it appears dfuzzer
returns 0
, which prevents issues like that from being ever discovered automatically.
to see if the remote side can deal with non-standard signature lengths and signature nest levels.
Posting this as a PR to have a place for discussion.
Even though
glib
doesn't have a problem with generating >255 bytes long signatures, somebody along the way is not happy, since with a 256 bytes long signature I start gettingThe connection is closed
exceptions:I tried this with both dbus-broker and dbus-daemon, both yield the same result.
dbus-broker
also logs a helpful message to the journal, which I guess is the culprit:Which makes sense, given this assert https://github.com/bus1/dbus-broker/blob/701759a08f5982f515308c269a8e224fc433f4af/src/dbus/message.c#L378
After monkey-patching the patch to test the nest-levels as well I get the same result:
with familiar dbus-broker messages in journal:
I have a feeling the dbus daemons don't want us going all medieval on other dbus clients :-)