doczkal / rpms / abrt

Forked from rpms/abrt 4 years ago
Clone

Blame SOURCES/0109-dbus-report-invalid-element-names.patch

8ec399
From f3c2a6af3455b2882e28570e8a04f1c2d4500d5b Mon Sep 17 00:00:00 2001
8ec399
From: Jakub Filak <jfilak@redhat.com>
8ec399
Date: Mon, 27 Apr 2015 07:52:00 +0200
8ec399
Subject: [ABRT PATCH] dbus: report invalid element names
8ec399
8ec399
Return D-Bus error in case of invalid problem element name.
8ec399
8ec399
Related: #1214451
8ec399
8ec399
Signed-off-by: Jakub Filak <jfilak@redhat.com>
8ec399
---
8ec399
 src/dbus/abrt-dbus.c | 14 +++++++++++++-
8ec399
 1 file changed, 13 insertions(+), 1 deletion(-)
8ec399
8ec399
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
8ec399
index 9e1844a..6de15e9 100644
8ec399
--- a/src/dbus/abrt-dbus.c
8ec399
+++ b/src/dbus/abrt-dbus.c
8ec399
@@ -599,7 +599,7 @@ static void handle_method_call(GDBusConnection *connection,
8ec399
 
8ec399
         g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
8ec399
 
8ec399
-        if (element == NULL || element[0] == '\0' || strlen(element) > 64)
8ec399
+        if (!str_is_correct_filename(element))
8ec399
         {
8ec399
             log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
8ec399
             char *error = xasprintf(_("'%s' is not a valid element name"), element);
8ec399
@@ -658,6 +658,18 @@ static void handle_method_call(GDBusConnection *connection,
8ec399
 
8ec399
         g_variant_get(parameters, "(&s&s)", &problem_id, &element);
8ec399
 
8ec399
+        if (!str_is_correct_filename(element))
8ec399
+        {
8ec399
+            log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
8ec399
+            char *error = xasprintf(_("'%s' is not a valid element name"), element);
8ec399
+            g_dbus_method_invocation_return_dbus_error(invocation,
8ec399
+                                              "org.freedesktop.problems.InvalidElement",
8ec399
+                                              error);
8ec399
+
8ec399
+            free(error);
8ec399
+            return;
8ec399
+        }
8ec399
+
8ec399
         struct dump_dir *dd = open_directory_for_modification_of_element(
8ec399
                                     invocation, caller_uid, problem_id, element);
8ec399
         if (!dd)
8ec399
-- 
8ec399
1.8.3.1
8ec399