dbus: validate parameters of all calls
SetElement and DeleteElement were missing check for valid dump directory
path.

FindProblemByElementInTimeRange was not reporting invalid element names.

Related: #1214451

Signed-off-by: Jakub Filak <jfilak@redhat.com>
Jakub Filak committed May 13, 2015
1 parent 0f8baa1 commit 7a47f57
Showing 1 changed file with 24 additions and 0 deletions.
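--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -607,6 +607,12 @@ static void handle_method_call(GDBusConnection *connection,
 
 g_variant_get(parameters, "(&s&s&s)", &problem_id, &element, &value);
 
+if (!allowed_problem_dir(problem_id))
+{
+return_InvalidProblemDir_error(invocation, problem_id);
+return;
+}
+
 if (!str_is_correct_filename(element))
 {
 log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
@@ -666,6 +672,12 @@ static void handle_method_call(GDBusConnection *connection,
 
 g_variant_get(parameters, "(&s&s)", &problem_id, &element);
 
+if (!allowed_problem_dir(problem_id))
+{
+return_InvalidProblemDir_error(invocation, problem_id);
+return;
+}
+
 if (!str_is_correct_filename(element))
 {
 log_notice("'%s' is not a valid element name of '%s'", element, problem_id);
@@ -783,6 +795,18 @@ static void handle_method_call(GDBusConnection *connection,
 g_variant_get_child(parameters, 3, "x", &timestamp_to);
 g_variant_get_child(parameters, 4, "b", &all);
 
+if (!str_is_correct_filename(element))
+{
+log_notice("'%s' is not a valid element name", element);
+char *error = xasprintf(_("'%s' is not a valid element name"), element);
+g_dbus_method_invocation_return_dbus_error(invocation,
+"org.freedesktop.problems.InvalidElement",
+error);
+
+free(error);
+return;
+}
+
 if (all && polkit_check_authorization_dname(caller, "org.freedesktop.problems.getall") == PolkitYes)
 caller_uid = 0;
 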
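Review bot: The InvalidElement rejection added in the third hunk is spelled out inline (`log_notice`, `xasprintf`, `g_dbus_method_invocation_return_dbus_error`, `free`), while the directory check added in the first two hunks goes through the helper `return_InvalidProblemDir_error(invocation, problem_id)`. The element check that closes the first two hunks appears to begin the same inline sequence. A matching helper (the name is only a suggestion), called as `return_InvalidElement_error(invocation, element);` followed by `return;`, would keep the three branches identical and make a missing check in a future method easier to spot, which is the kind of omission this commit fixes. The rejected `element` is caller-supplied and has just failed filename validation, so it may carry control characters into `log_notice`; whether the logger escapes them is not visible here. `handle_method_call` starts and ends outside all three hunks, so how `problem_id` is used after `allowed_problem_dir` passes cannot be checked from this page.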
