From: Simon McVittie <smcv@collabora.com>
Date: Fri, 8 Mar 2024 19:44:03 +0000
Subject: tests: Add a test-case for what happens if a unique name doesn't
 exist

On GNOME/glib#3268 there was some concern about whether this would
allow an attacker to send signals and have them be matched to a
GDBusProxy in this situation, but it seems that was a false alarm.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Origin: upstream, https://gitlab.gnome.org/GNOME/glib/-/issues/3268
---
 gio/tests/gdbus-subscribe.c | 48 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/gio/tests/gdbus-subscribe.c b/gio/tests/gdbus-subscribe.c
index 3d2a14e..350ec9f 100644
--- a/gio/tests/gdbus-subscribe.c
+++ b/gio/tests/gdbus-subscribe.c
@@ -358,6 +358,53 @@ static const TestPlan plan_limit_by_unique_name =
   },
 };
 
+static const TestPlan plan_nonexistent_unique_name =
+{
+  .description = "A subscription via a unique name that doesn't exist "
+                 "accepts no messages",
+  .steps = {
+    {
+      /* Subscriber wants to receive signals from service */
+      .action = TEST_ACTION_SUBSCRIBE,
+      .u.subscribe = {
+        /* This relies on the implementation detail that the dbus-daemon
+         * (and presumably other bus implementations) never actually generates
+         * a unique name in this format */
+        .string_sender = ":0.this.had.better.not.exist",
+        .path = EXAMPLE_PATH,
+        .iface = EXAMPLE_INTERFACE,
+      },
+    },
+    {
+      /* Attacker wants to trick subscriber into thinking that service
+       * sent a signal */
+      .action = TEST_ACTION_EMIT_SIGNAL,
+      .u.signal = {
+        .sender = TEST_CONN_ATTACKER,
+        .path = EXAMPLE_PATH,
+        .iface = EXAMPLE_INTERFACE,
+        .member = FOO_SIGNAL,
+        .received_by_conn = 0,
+        .received_by_proxy = 0
+      },
+    },
+    {
+      /* Attacker tries harder, by sending a signal unicast directly to
+       * the subscriber */
+      .action = TEST_ACTION_EMIT_SIGNAL,
+      .u.signal = {
+        .sender = TEST_CONN_ATTACKER,
+        .unicast_to = TEST_CONN_SUBSCRIBER,
+        .path = EXAMPLE_PATH,
+        .iface = EXAMPLE_INTERFACE,
+        .member = FOO_SIGNAL,
+        .received_by_conn = 0,
+        .received_by_proxy = 0
+      },
+    },
+  },
+};
+
 static const TestPlan plan_limit_by_well_known_name =
 {
   .description = "A subscription via a well-known name only accepts messages "
@@ -1051,6 +1098,7 @@ main (int   argc,
   ADD_SUBSCRIBE_TEST (broadcast_from_anyone);
   ADD_SUBSCRIBE_TEST (match_twice);
   ADD_SUBSCRIBE_TEST (limit_by_unique_name);
+  ADD_SUBSCRIBE_TEST (nonexistent_unique_name);
   ADD_SUBSCRIBE_TEST (limit_by_well_known_name);
 
   return g_test_run();