Move the default dump location from /var/tmp/abrt to /var/spool/abrt and use root as the owner of all dump directories.
Fixes for CVE-2015-3315, CVE-2015-3142, CVE-2015-1869, CVE-2015-1870
Fixes for CVE-2015-3147, CVE-2015-3151, CVE-2015-3150, CVE-2015-3159
Resolves: #1179752
Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>
From 23c800077fb6e821d54080ccc5d1258f37fcd8d4 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Mon, 27 Apr 2015 07:52:00 +0200
Subject: [PATCH] dbus: report invalid element names
Return D-Bus error in case of invalid problem element name.
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/dbus/abrt-dbus.c | 35 +++++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index 0f7ac2d..489d273 100644
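--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -158,6 +158,21 @@ bool allowed_problem_dir(const char *dir_name)
 return true;
 }
 
+bool allowed_problem_element(GDBusMethodInvocation *invocation, const char *element)
+{
+ if (str_is_correct_filename(element))
+ return true;
+
+ log_notice("'%s' is not a valid element name", element);
+ char *error = xasprintf(_("'%s' is not a valid element name"), element);
+ g_dbus_method_invocation_return_dbus_error(invocation,
+ "org.freedesktop.problems.InvalidElement",
+ error);
+
+ free(error);
+ return false;
+}
+
 static char *handle_new_problem(GVariant *problem_info, uid_t caller_uid, char **error)
 {
 problem_data_t *pd = problem_data_new();
@@ -627,17 +642,8 @@ static void handle_method_call(GDBusConnection *connection,
 
 g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
 
- if (element == NULL || element[0] == '\0' || strlen(element) > 64)
- {
- log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
- char *error = xasprintf(_("'%s' is not a valid element name"), element);
- g_dbus_method_invocation_return_dbus_error(invocation,
- "org.freedesktop.problems.InvalidElement",
- error);
-
- free(error);
+ if (!allowed_problem_element(invocation, element))
 return;
- }
 
 struct dump_dir *dd = open_directory_for_modification_of_element(
 invocation, caller_uid, problem_id, element);
@@ -686,6 +692,9 @@ static void handle_method_call(GDBusConnection *connection,
 
 g_variant_get(parameters, "(&s&s)", &problem_id, &element);
 
+ if (!allowed_problem_element(invocation, element))
+ return;
+
 struct dump_dir *dd = open_directory_for_modification_of_element(
 invocation, caller_uid, problem_id, element);
 if (!dd)
@@ -718,6 +727,9 @@ static void handle_method_call(GDBusConnection *connection,
 
 g_variant_get(parameters, "(&s&s)", &problem_id, &element);
 
+ if (!allowed_problem_element(invocation, element))
+ return;
+
 struct dump_dir *dd = open_dump_directory(invocation, caller, caller_uid,
 problem_id, DD_OPEN_READONLY, OPEN_AUTH_ASK);
 if (!dd)
@@ -790,6 +802,9 @@ static void handle_method_call(GDBusConnection *connection,
 g_variant_get_child(parameters, 3, "x", ×tamp_to);
 g_variant_get_child(parameters, 4, "b", &all);
 
+ if (!allowed_problem_element(invocation, element))
+ return;
+
 if (all && polkit_check_authorization_dname(caller, "org.freedesktop.problems.getall") == PolkitYes)
 caller_uid = 0;
 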
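Review bot: `allowed_problem_element()` passes the caller-supplied `element` straight into `log_notice()` and into the D-Bus error text, so a rejected name containing newlines or control characters reaches the log verbatim; logging a sanitized or truncated form would keep the log trustworthy. The removed inline check in the first `handle_method_call` hunk bounded the name with `strlen(element) > 64`, while the new helper relies entirely on `str_is_correct_filename()`, whose body is not part of this diff, so it is worth confirming that it still bounds the length and rejects `/`, `.` and `..` before `element` is used as a file name. The helper also sends the error reply itself, which every caller depends on; a comment above it such as `/* Replies to @invocation with InvalidElement on failure; the caller must only return. */` would make that contract explicit. The new log line no longer names `problem_id`, which the old message did and which helps attribute rejected requests.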
--
2.1.0