Blame SOURCES/0109-dbus-report-invalid-element-names.patch

a60cd7
From f3c2a6af3455b2882e28570e8a04f1c2d4500d5b Mon Sep 17 00:00:00 2001
a60cd7
From: Jakub Filak <jfilak@redhat.com>
a60cd7
Date: Mon, 27 Apr 2015 07:52:00 +0200
a60cd7
Subject: [ABRT PATCH] dbus: report invalid element names
a60cd7
a60cd7
Return D-Bus error in case of invalid problem element name.
a60cd7
a60cd7
Related: #1214451
a60cd7
a60cd7
Signed-off-by: Jakub Filak <jfilak@redhat.com>
a60cd7
---
a60cd7
 src/dbus/abrt-dbus.c | 14 +++++++++++++-
a60cd7
 1 file changed, 13 insertions(+), 1 deletion(-)
a60cd7
a60cd7
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
a60cd7
index 9e1844a..6de15e9 100644
a60cd7
--- a/src/dbus/abrt-dbus.c
a60cd7
+++ b/src/dbus/abrt-dbus.c
a60cd7
@@ -599,7 +599,7 @@ static void handle_method_call(GDBusConnection *connection,
a60cd7
 
a60cd7
         g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
a60cd7
 
a60cd7
-        if (element == NULL || element[0] == '\0' || strlen(element) > 64)
a60cd7
+        if (!str_is_correct_filename(element))
a60cd7
         {
a60cd7
             log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
a60cd7
             char *error = xasprintf(_("'%s' is not a valid element name"), element);
a60cd7
@@ -658,6 +658,18 @@ static void handle_method_call(GDBusConnection *connection,
a60cd7
 
a60cd7
         g_variant_get(parameters, "(&s&s)", &problem_id, &element);
a60cd7
 
a60cd7
+        if (!str_is_correct_filename(element))
a60cd7
+        {
a60cd7
+            log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
a60cd7
+            char *error = xasprintf(_("'%s' is not a valid element name"), element);
a60cd7
+            g_dbus_method_invocation_return_dbus_error(invocation,
a60cd7
+                                              "org.freedesktop.problems.InvalidElement",
a60cd7
+                                              error);
a60cd7
+
a60cd7
+            free(error);
a60cd7
+            return;
a60cd7
+        }
a60cd7
+
a60cd7
         struct dump_dir *dd = open_directory_for_modification_of_element(
a60cd7
                                     invocation, caller_uid, problem_id, element);
a60cd7
         if (!dd)
a60cd7
-- 
a60cd7
1.8.3.1
a60cd7