Blame SOURCES/polkit-0.112-cve-2021-4034.patch
|
 |
e6fe7a |
diff -up ./src/programs/pkcheck.c.ori ./src/programs/pkcheck.c
|
|
|
e6fe7a |
--- ./src/programs/pkcheck.c.ori 2021-12-17 11:56:55.336675787 +0100
|
|
|
e6fe7a |
+++ ./src/programs/pkcheck.c 2021-12-17 12:08:19.736029380 +0100
|
|
|
e6fe7a |
@@ -362,6 +362,12 @@ main (int argc, char *argv[])
|
|
|
e6fe7a |
local_agent_handle = NULL;
|
|
|
e6fe7a |
ret = 126;
|
|
|
e6fe7a |
|
|
|
e6fe7a |
+ if (argc < 1)
|
|
|
e6fe7a |
+ {
|
|
|
e6fe7a |
+ help();
|
|
|
e6fe7a |
+ exit(1);
|
|
|
e6fe7a |
+ }
|
|
|
e6fe7a |
+
|
|
|
e6fe7a |
g_type_init ();
|
|
|
e6fe7a |
|
|
|
e6fe7a |
details = polkit_details_new ();
|
|
|
e6fe7a |
diff -up ./src/programs/pkexec.c.ori ./src/programs/pkexec.c
|
|
|
e6fe7a |
--- ./src/programs/pkexec.c.ori 2021-12-17 11:55:12.686171757 +0100
|
|
|
e6fe7a |
+++ ./src/programs/pkexec.c 2021-12-17 11:56:55.336675787 +0100
|
|
|
e6fe7a |
@@ -490,6 +490,17 @@ main (int argc, char *argv[])
|
|
|
e6fe7a |
pid_t pid_of_caller;
|
|
|
e6fe7a |
gpointer local_agent_handle;
|
|
|
e6fe7a |
|
|
|
e6fe7a |
+
|
|
|
e6fe7a |
+ /*
|
|
|
e6fe7a |
+ * If 'pkexec' is called wrong, just show help and bail out.
|
|
|
e6fe7a |
+ */
|
|
|
e6fe7a |
+ if (argc<1)
|
|
|
e6fe7a |
+ {
|
|
|
e6fe7a |
+ clearenv();
|
|
|
e6fe7a |
+ usage(argc, argv);
|
|
|
e6fe7a |
+ exit(1);
|
|
|
e6fe7a |
+ }
|
|
|
e6fe7a |
+
|
|
|
e6fe7a |
ret = 127;
|
|
|
e6fe7a |
authority = NULL;
|
|
|
e6fe7a |
subject = NULL;
|
|
|
e6fe7a |
@@ -601,7 +612,15 @@ main (int argc, char *argv[])
|
|
|
e6fe7a |
goto out;
|
|
|
e6fe7a |
}
|
|
|
e6fe7a |
g_free (path);
|
|
|
e6fe7a |
- argv[n] = path = s;
|
|
|
e6fe7a |
+ path = s;
|
|
|
e6fe7a |
+
|
|
|
e6fe7a |
+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
|
|
|
e6fe7a |
+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
|
|
|
e6fe7a |
+ */
|
|
|
e6fe7a |
+ if (argv[n] != NULL)
|
|
|
e6fe7a |
+ {
|
|
|
e6fe7a |
+ argv[n] = path;
|
|
|
e6fe7a |
+ }
|
|
|
e6fe7a |
}
|
|
|
e6fe7a |
if (access (path, F_OK) != 0)
|
|
|
e6fe7a |
{
|