The whole point of installing policy on custom endpoint is not not let
users of that endpoint know that a name exists. Returning -EPERM in
response to such attempts leaks the information that the name in fact
exists, but is firewalled.
To fix this, return -ENOENT when policy returns -EPERM on custom
endpoints.
Signed-off-by: Daniel Mack <daniel@zonque.org>
struct kdbus_conn *conn,
const char *name)
{
+ int ret;
+
/*
* Check policy, if the endpoint of the connection has a db.
* Note that policy DBs instanciated along with connections
if (!ep->has_policy)
return 0;
- return kdbus_policy_check_see_access_unlocked(&ep->policy_db,
- conn, name);
+ ret = kdbus_policy_check_see_access_unlocked(&ep->policy_db,
+ conn, name);
+
+ /* don't leak hints whether a name exists on a custom endpoint. */
+ if (ret == -EPERM)
+ return -ENOENT;
+
+ return ret;
}
/**
if (ep->has_policy) {
ret = kdbus_policy_check_talk_access(&ep->policy_db,
conn_src, conn_dst);
+
+ /*
+ * Don't leak hints whether a name exists on a custom
+ * endpoint.
+ */
+ if (ret == -EPERM)
+ return -ENOENT;
+
if (ret < 0)
return ret;
}
projects / platform / core / system / kdbus-bus.git / commitdiff