    bus: Assign a serial number for messages from the driver · b159849e
    hongjinghao authored and Simon McVittie committed
    Normally, it's enough to rely on a message being given a serial number
    by the DBusConnection just before it is actually sent. However, in the
    rare case where the policy blocks the driver from sending a message
    (due to a deny rule or the outgoing message quota being full), we need
    to get a valid serial number sooner, so that we can copy it into the
    DBUS_HEADER_FIELD_REPLY_SERIAL field (which is mandatory) in the error
    message sent to monitors. Otherwise, the dbus-daemon will crash with
    an assertion failure if at least one Monitoring client is attached,
    because zero is not a valid serial number to copy.
    
    This fixes a denial-of-service vulnerability: if a privileged user is
    monitoring the well-known system bus using a Monitoring client like
    dbus-monitor or `busctl monitor`, then an unprivileged user can cause
    denial-of-service by triggering this crash. A mitigation for this
    vulnerability is to avoid attaching Monitoring clients to the system
    bus when t...
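
The ordering problem described in the commit message above, as an added example that is not dbus source code: a simplified C model in which every type and function name (`msg_t`, `conn_t`, `conn_next_serial`, `make_monitor_error`, `driver_send`) is hypothetical. The assertion failure is modelled as a `-1` return so the two orderings can be compared side by side.

```c
/* Simplified model; all names are hypothetical, none of this is dbus code. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t serial; uint32_t reply_serial; int is_error; } msg_t;
typedef struct { uint32_t next_serial; } conn_t;

/* In this model 0 means "no serial yet", so it is never handed out. */
static uint32_t conn_next_serial(conn_t *c)
{
    if (c->next_serial == 0) c->next_serial = 1;
    return c->next_serial++;
}

/* Build the error that monitors see for a blocked message.
 * Returns 0 on success, -1 if the original has no valid serial to copy
 * (the case the commit message describes as an assertion failure). */
static int make_monitor_error(const msg_t *orig, msg_t *err)
{
    if (orig->serial == 0) return -1;
    err->is_error = 1;
    err->reply_serial = orig->serial;   /* mandatory field in an error */
    return 0;
}

/* Driver send path. policy_allows == 0 models a deny rule or a full
 * outgoing quota; assign_early selects the fixed ordering.
 * Returns 1 = sent, 0 = blocked and reported to monitors, -1 = bad state. */
static int driver_send(conn_t *c, msg_t *m, int policy_allows,
                       int assign_early, msg_t *monitor_err)
{
    if (assign_early && m->serial == 0)
        m->serial = conn_next_serial(c);    /* fix: number it up front */
    if (!policy_allows)
        return make_monitor_error(m, monitor_err) == 0 ? 0 : -1;
    if (m->serial == 0)
        m->serial = conn_next_serial(c);    /* usual late assignment */
    return 1;
}

int main(void)
{
    conn_t c = { 1 };
    msg_t a = { 0, 0, 0 }, b = { 0, 0, 0 }, err = { 0, 0, 0 };
    printf("late, blocked:  %d\n", driver_send(&c, &a, 0, 0, &err));
    printf("early, blocked: %d\n", driver_send(&c, &b, 0, 1, &err));
    printf("reply_serial for monitors: %u\n", (unsigned)err.reply_serial);
    return 0;
}
```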