rpms / abrt

Clone
Source Code
GIT

Blame SOURCES/0118-dbus-validate-parameters-of-all-calls.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-sig-altarch-debrand c8-beta f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 master
  1.   c7-alt
  2.   SOURCES
  3.   0118-dbus-validate-parameters-of-all-calls.patch
Blob History Raw
baab13 
From 7a47f57975be0d285a2f20758e4572dca6d9cdd3 Mon Sep 17 00:00:00 2001
baab13 
From: Jakub Filak <jfilak@redhat.com>
baab13 
Date: Wed, 13 May 2015 11:10:23 +0200
baab13 
Subject: [ABRT PATCH] dbus: validate parameters of all calls
baab13
baab13 
SetElement and DeleteElement were missing check for valid dump directory
baab13 
path.
baab13
baab13 
FindProblemByElementInTimeRange was not reporting invalid element names.
baab13
baab13 
Related: #1214451
baab13
baab13 
Signed-off-by: Jakub Filak <jfilak@redhat.com>
baab13 
---
baab13 
 src/dbus/abrt-dbus.c | 24 ++++++++++++++++++++++++
baab13 
 1 file changed, 24 insertions(+)
baab13
baab13 
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
baab13 
index bef95bd..f2f742b 100644
baab13 
--- a/src/dbus/abrt-dbus.c
baab13 
+++ b/src/dbus/abrt-dbus.c
baab13 
@@ -607,6 +607,12 @@ static void handle_method_call(GDBusConnection *connection,
baab13
baab13 
         g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
baab13
baab13 
+        if (!allowed_problem_dir(problem_id))
baab13 
+        {
baab13 
+            return_InvalidProblemDir_error(invocation, problem_id);
baab13 
+            return;
baab13 
+        }
baab13 
+
baab13 
         if (!str_is_correct_filename(element))
baab13 
         {
baab13 
             log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
baab13 
@@ -666,6 +672,12 @@ static void handle_method_call(GDBusConnection *connection,
baab13
baab13 
         g_variant_get(parameters, "(&s&s)", &problem_id, &element);
baab13
baab13 
+        if (!allowed_problem_dir(problem_id))
baab13 
+        {
baab13 
+            return_InvalidProblemDir_error(invocation, problem_id);
baab13 
+            return;
baab13 
+        }
baab13 
+
baab13 
         if (!str_is_correct_filename(element))
baab13 
         {
baab13 
             log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
baab13 
@@ -783,6 +795,18 @@ static void handle_method_call(GDBusConnection *connection,
baab13 
         g_variant_get_child(parameters, 3, "x", &timestamp_to);
baab13 
         g_variant_get_child(parameters, 4, "b", &all;;
baab13
baab13 
+        if (!str_is_correct_filename(element))
baab13 
+        {
baab13 
+            log_notice("'%s' is not a valid element name", element);
baab13 
+            char *error = xasprintf(_("'%s' is not a valid element name"), element);
baab13 
+            g_dbus_method_invocation_return_dbus_error(invocation,
baab13 
+                                              "org.freedesktop.problems.InvalidElement",
baab13 
+                                              error);
baab13 
+
baab13 
+            free(error);
baab13 
+            return;
baab13 
+        }
baab13 
+
baab13 
         if (all && polkit_check_authorization_dname(caller, "org.freedesktop.problems.getall") == PolkitYes)
baab13 
             caller_uid = 0;
baab13
baab13 
--
baab13 
1.8.3.1
baab13

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation