From 23c800077fb6e821d54080ccc5d1258f37fcd8d4 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 27 Apr 2015 07:52:00 +0200
Subject: [PATCH] dbus: report invalid element names
Return D-Bus error in case of invalid problem element name.
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/dbus/abrt-dbus.c | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index 0f7ac2d..489d273 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -158,6 +158,21 @@ bool allowed_problem_dir(const char *dir_name)
     return true;
 }
 
+bool allowed_problem_element(GDBusMethodInvocation *invocation, const char *element)
+{
+    if (str_is_correct_filename(element))
+        return true;
+
+    log_notice("'%s' is not a valid element name", element);
+    char *error = xasprintf(_("'%s' is not a valid element name"), element);
+    g_dbus_method_invocation_return_dbus_error(invocation,
+            "org.freedesktop.problems.InvalidElement",
+            error);
+
+    free(error);
+    return false;
+}
+
 static char *handle_new_problem(GVariant *problem_info, uid_t caller_uid, char **error)
 {
     problem_data_t *pd = problem_data_new();
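Review bot: In `allowed_problem_element()` the rejected `element` comes straight from the D-Bus caller and is copied in full into both `log_notice()` and the error reply, and by construction it is a value that has just failed `str_is_correct_filename()`. Nothing in the hunk bounds its length or filters control characters before it is logged, so an oversized name or one carrying newlines appears to reach the log unmodified. Bounding the logged copy would limit that, for example `log_notice("'%.64s' is not a valid element name", element);`, assuming `log_notice()` takes a printf-style format as its use here suggests. The helper also sends the error reply itself, which its name does not convey; a comment above the definition such as `/* On failure replies to the invocation with InvalidElement; the caller must only return. */` would make that contract explicit.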
@@ -627,17 +642,8 @@ static void handle_method_call(GDBusConnection *connection,
 
         g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
 
-        if (element == NULL || element[0] == '\0' || strlen(element) > 64)
-        {
-            log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
-            char *error = xasprintf(_("'%s' is not a valid element name"), element);
-            g_dbus_method_invocation_return_dbus_error(invocation,
-                                              "org.freedesktop.problems.InvalidElement",
-                                              error);
-
-            free(error);
+        if (!allowed_problem_element(invocation, element))
             return;
-        }
 
         struct dump_dir *dd = open_directory_for_modification_of_element(
                                     invocation, caller_uid, problem_id, element);
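Review bot: The helper's log line no longer names the problem, whereas the removed `log_notice()` call printed `problem_id` next to the bad element name, so a rejected request can no longer be tied to a problem directory from the log alone. The same applies to the call sites added in the hunks at -686 and -718, which also have `problem_id` in scope. Either pass `problem_id` to the helper or log it at the call site before returning, for example `log_notice("rejecting element name for problem '%s'", problem_id);`. `handle_method_call()` starts and ends outside this hunk.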
@@ -686,6 +692,9 @@ static void handle_method_call(GDBusConnection *connection,
 
         g_variant_get(parameters, "(&s&s)", &problem_id, &element);
 
+        if (!allowed_problem_element(invocation, element))
+            return;
+
         struct dump_dir *dd = open_directory_for_modification_of_element(
                                     invocation, caller_uid, problem_id, element);
         if (!dd)
@@ -718,6 +727,9 @@ static void handle_method_call(GDBusConnection *connection,
 
         g_variant_get(parameters, "(&s&s)", &problem_id, &element);
 
+        if (!allowed_problem_element(invocation, element))
+            return;
+
         struct dump_dir *dd = open_dump_directory(invocation, caller, caller_uid,
                 problem_id, DD_OPEN_READONLY, OPEN_AUTH_ASK);
         if (!dd)
@@ -790,6 +802,9 @@ static void handle_method_call(GDBusConnection *connection,
         g_variant_get_child(parameters, 3, "x", &timestamp_to);
         g_variant_get_child(parameters, 4, "b", &all;;
 
+        if (!allowed_problem_element(invocation, element))
+            return;
+
         if (all && polkit_check_authorization_dname(caller, "org.freedesktop.problems.getall") == PolkitYes)
             caller_uid = 0;
 
-- 
2.1.0