From 7a47f57975be0d285a2f20758e4572dca6d9cdd3 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 13 May 2015 11:10:23 +0200
Subject: [ABRT PATCH] dbus: validate parameters of all calls
SetElement and DeleteElement were missing check for valid dump directory
path.
FindProblemByElementInTimeRange was not reporting invalid element names.
Related: #1214451
Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
src/dbus/abrt-dbus.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index bef95bd..f2f742b 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -607,6 +607,12 @@ static void handle_method_call(GDBusConnection *connection,
g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
+ if (!allowed_problem_dir(problem_id))
+ {
+ return_InvalidProblemDir_error(invocation, problem_id);
+ return;
+ }
+
if (!str_is_correct_filename(element))
{
log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
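Review bot: The added `allowed_problem_dir(problem_id)` guard checks only the path string, and the code that opens the dump directory lies below the end of this hunk, so it cannot be confirmed from here that the open is protected against the directory being swapped (for example for a symlink) after the check, or that the caller's ownership of the directory is verified. The second hunk adds the identical guard to what appears to be the DeleteElement branch, with the same caveat. I would record the limit at the check with a comment such as `/* string check only; the dump dir must still be opened without following symlinks and its ownership checked against the caller */`. Because this commit exists precisely because two handlers skipped the guard, consider extracting and validating `problem_id` in one helper that every handler calls, so a newly added method cannot omit it.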
@@ -666,6 +672,12 @@ static void handle_method_call(GDBusConnection *connection,
g_variant_get(parameters, "(&s&s)", &problem_id, &element);
+ if (!allowed_problem_dir(problem_id))
+ {
+ return_InvalidProblemDir_error(invocation, problem_id);
+ return;
+ }
+
if (!str_is_correct_filename(element))
{
log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
@@ -783,6 +795,18 @@ static void handle_method_call(GDBusConnection *connection,
g_variant_get_child(parameters, 3, "x", ×tamp_to);
g_variant_get_child(parameters, 4, "b", &all;;
+ if (!str_is_correct_filename(element))
+ {
+ log_notice("'%s' is not a valid element name", element);
+ char *error = xasprintf(_("'%s' is not a valid element name"), element);
+ g_dbus_method_invocation_return_dbus_error(invocation,
+ "org.freedesktop.problems.InvalidElement",
+ error);
+
+ free(error);
+ return;
+ }
+
if (all && polkit_check_authorization_dname(caller, "org.freedesktop.problems.getall") == PolkitYes)
caller_uid = 0;
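Review bot: The added rejection path writes the caller-supplied `element` verbatim into the log and into the D-Bus error text, although at that point the string has just failed `str_is_correct_filename()` and so may be very long or contain control characters. Bounding it in the log line, for example `log_notice("'%.64s' is not a valid element name", element);` (64 is an illustrative limit), keeps a rejected call from forging or flooding log content; whether `log_notice` is emitted at the default verbosity is not visible here. The first hunk shows a `return_InvalidProblemDir_error()` helper, and a matching helper for the `org.freedesktop.problems.InvalidElement` reply would avoid open-coding this block in each handler. The enclosing `handle_method_call` starts and ends outside the hunk.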
--
1.8.3.1