Mercurial > vanilla
comparison security/polkit/CVE-2018-19788.patch @ 490:dbffca6c243e
security/polkit: initial import, closes #1578
| author | David Demelier <markand@malikania.fr> |
|---|---|
| date | Sun, 07 Apr 2019 14:36:39 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 489:ba543d44b357 | 490:dbffca6c243e |
|---|---|
| 1 --- src/polkit/polkitunixgroup.c | |
| 2 +++ src/polkit/polkitunixgroup.c | |
| 3 @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, | |
| 4 static void | |
| 5 polkit_unix_group_init (PolkitUnixGroup *unix_group) | |
| 6 { | |
| 7 + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ | |
| 8 } | |
| 9 | |
| 10 static void | |
| 11 @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, | |
| 12 GParamSpec *pspec) | |
| 13 { | |
| 14 PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); | |
| 15 + gint val; | |
| 16 | |
| 17 switch (prop_id) | |
| 18 { | |
| 19 case PROP_GID: | |
| 20 - unix_group->gid = g_value_get_int (value); | |
| 21 + val = g_value_get_int (value); | |
| 22 + g_return_if_fail (val != -1); | |
| 23 + unix_group->gid = val; | |
| 24 break; | |
| 25 | |
| 26 default: | |
| 27 @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) | |
| 28 g_param_spec_int ("gid", | |
| 29 "Group ID", | |
| 30 "The UNIX group ID", | |
| 31 - 0, | |
| 32 + G_MININT, | |
| 33 G_MAXINT, | |
| 34 - 0, | |
| 35 + -1, | |
| 36 G_PARAM_CONSTRUCT | | |
| 37 G_PARAM_READWRITE | | |
| 38 G_PARAM_STATIC_NAME | | |
| 39 @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) | |
| 40 */ | |
| 41 void | |
| 42 polkit_unix_group_set_gid (PolkitUnixGroup *group, | |
| 43 - gint gid) | |
| 44 + gint gid) | |
| 45 { | |
| 46 g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); | |
| 47 + g_return_if_fail (gid != -1); | |
| 48 group->gid = gid; | |
| 49 } | |
| 50 | |
| 51 @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, | |
| 52 PolkitIdentity * | |
| 53 polkit_unix_group_new (gint gid) | |
| 54 { | |
| 55 + g_return_val_if_fail (gid != -1, NULL); | |
| 56 + | |
| 57 return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, | |
| 58 "gid", gid, | |
| 59 NULL)); | |
| 60 --- src/polkit/polkitunixprocess.c | |
| 61 +++ src/polkit/polkitunixprocess.c | |
| 62 @@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, | |
| 63 polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); | |
| 64 break; | |
| 65 | |
| 66 - case PROP_UID: | |
| 67 - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); | |
| 68 + case PROP_UID: { | |
| 69 + gint val; | |
| 70 + | |
| 71 + val = g_value_get_int (value); | |
| 72 + g_return_if_fail (val != -1); | |
| 73 + polkit_unix_process_set_uid (unix_process, val); | |
| 74 break; | |
| 75 + } | |
| 76 | |
| 77 case PROP_START_TIME: | |
| 78 polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); | |
| 79 @@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) | |
| 80 g_param_spec_int ("uid", | |
| 81 "User ID", | |
| 82 "The UNIX user ID", | |
| 83 - -1, | |
| 84 + G_MININT, | |
| 85 G_MAXINT, | |
| 86 -1, | |
| 87 G_PARAM_CONSTRUCT | | |
| 88 @@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, | |
| 89 gint uid) | |
| 90 { | |
| 91 g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); | |
| 92 - g_return_if_fail (uid >= -1); | |
| 93 process->uid = uid; | |
| 94 } | |
| 95 | |
| 96 --- src/polkit/polkitunixuser.c | |
| 97 +++ src/polkit/polkitunixuser.c | |
| 98 @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, | |
| 99 static void | |
| 100 polkit_unix_user_init (PolkitUnixUser *unix_user) | |
| 101 { | |
| 102 + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ | |
| 103 unix_user->name = NULL; | |
| 104 } | |
| 105 | |
| 106 @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, | |
| 107 GParamSpec *pspec) | |
| 108 { | |
| 109 PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); | |
| 110 + gint val; | |
| 111 | |
| 112 switch (prop_id) | |
| 113 { | |
| 114 case PROP_UID: | |
| 115 - unix_user->uid = g_value_get_int (value); | |
| 116 + val = g_value_get_int (value); | |
| 117 + g_return_if_fail (val != -1); | |
| 118 + unix_user->uid = val; | |
| 119 break; | |
| 120 | |
| 121 default: | |
| 122 @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) | |
| 123 g_param_spec_int ("uid", | |
| 124 "User ID", | |
| 125 "The UNIX user ID", | |
| 126 - 0, | |
| 127 + G_MININT, | |
| 128 G_MAXINT, | |
| 129 - 0, | |
| 130 + -1, | |
| 131 G_PARAM_CONSTRUCT | | |
| 132 G_PARAM_READWRITE | | |
| 133 G_PARAM_STATIC_NAME | | |
| 134 @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, | |
| 135 gint uid) | |
| 136 { | |
| 137 g_return_if_fail (POLKIT_IS_UNIX_USER (user)); | |
| 138 + g_return_if_fail (uid != -1); | |
| 139 user->uid = uid; | |
| 140 } | |
| 141 | |
| 142 @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, | |
| 143 PolkitIdentity * | |
| 144 polkit_unix_user_new (gint uid) | |
| 145 { | |
| 146 + g_return_val_if_fail (uid != -1, NULL); | |
| 147 + | |
| 148 return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, | |
| 149 "uid", uid, | |
| 150 NULL)); |