Commit - source-git/systemd - 81e98f829821e64c8ac6c56b51bc322fb96c0558

source-git / systemd

`81e98f` polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it

1 file Authored by Jan Synacek 4 years ago, Committed by Packit Service 4 years ago,

raw patch tree parent

1 file changed. 50 lines added. 24 lines removed.

    polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it
    
    Previously, when doing an async PK query we'd store the original
    callback/userdata pair and call it again after the PK request is
    complete. This is problematic, since PK queries might be slow and in the
    meantime the userdata might be released and re-acquired. Let's avoid
    this by always traversing through the message handlers so that we always
    re-resolve the callback and userdata pair and thus can be sure it's
    up-to-date and properly valid.
    
    Resolves: CVE-2020-1712
    
    patch_name: 0316-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch
    present_in_specfile: true
    location_in_specfile: 316
    squash_commits: true

src/shared/bus-util.c

file modified

+50 -24

source-git / systemd

Source Code

81e98f polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it

1 file Authored by Jan Synacek 4 years ago, Committed by Packit Service 4 years ago,

`81e98f` polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it