abrtd: fix Report() dbus call gaping security holes

We were blindly trusting the values passed to us

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

4 files changed, 18 insertions, 18 deletions

diff --git a/lib/Plugins/Bugzilla.cpp b/lib/Plugins/Bugzilla.cpp
index aafa0198..f0e366b2 100644
--- a/lib/Plugins/Bugzilla.cpp
+++ b/lib/Plugins/Bugzilla.cpp
@@ -287,7 +287,7 @@ uint32_t ctx::new_bug(const map_crash_data_t& pCrashData)
     const std::string& component = get_crash_data_item_content(pCrashData, FILENAME_COMPONENT);
     const std::string& release   = get_crash_data_item_content(pCrashData, FILENAME_RELEASE);
     const std::string& arch      = get_crash_data_item_content(pCrashData, FILENAME_ARCHITECTURE);
-    const std::string& uuid      = get_crash_data_item_content(pCrashData, CD_UUID);
+    const std::string& uuid      = get_crash_data_item_content(pCrashData, CD_DUPHASH);
 
     std::string summary = "[abrt] crash in " + package;
     std::string status_whiteboard = "abrt_hash:" + uuid;
@@ -434,7 +434,7 @@ std::string CReporterBugzilla::Report(const map_crash_data_t& pCrashData,
     }
 
     const std::string& component = get_crash_data_item_content(pCrashData, FILENAME_COMPONENT);
-    const std::string& uuid      = get_crash_data_item_content(pCrashData, CD_UUID);
+    const std::string& uuid      = get_crash_data_item_content(pCrashData, CD_DUPHASH);
     try
     {
         ctx bz_server(BugzillaXMLRPC.c_str(), NoSSLVerify);
diff --git a/lib/Plugins/Catcut.cpp b/lib/Plugins/Catcut.cpp
index 1bc51f97..3580a3b4 100644
--- a/lib/Plugins/Catcut.cpp
+++ b/lib/Plugins/Catcut.cpp
@@ -272,7 +272,7 @@ ctx::new_bug(const char *auth_cookie, const map_crash_data_t& pCrashData)
     const string& component = get_crash_data_item_content(pCrashData, FILENAME_COMPONENT);
     const string& release   = get_crash_data_item_content(pCrashData, FILENAME_RELEASE);
     const string& arch      = get_crash_data_item_content(pCrashData, FILENAME_ARCHITECTURE);
-    const string& uuid      = get_crash_data_item_content(pCrashData, CD_UUID);
+    const string& uuid      = get_crash_data_item_content(pCrashData, CD_DUPHASH);
 
     string summary = "[abrt] crash in " + package;
     string status_whiteboard = "abrt_hash:" + uuid;
diff --git a/lib/Plugins/FileTransfer.cpp b/lib/Plugins/FileTransfer.cpp
index b08ecd51..fff6f2dd 100644
--- a/lib/Plugins/FileTransfer.cpp
+++ b/lib/Plugins/FileTransfer.cpp
@@ -25,12 +25,12 @@
 #include <iostream>
 #include <sstream>
 #include <fstream>
-#include <stdio.h>
-#include <string.h>
-#include <dirent.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
+//#include <stdio.h>
+//#include <string.h>
+//#include <dirent.h>
+//#include <sys/types.h>
+//#include <sys/stat.h>
+//#include <fcntl.h>
 #include <zip.h>
 #include <libtar.h>
 #include <bzlib.h>
diff --git a/lib/Plugins/Mailx.cpp b/lib/Plugins/Mailx.cpp
index 20af8e79..2ee96455 100644
--- a/lib/Plugins/Mailx.cpp
+++ b/lib/Plugins/Mailx.cpp
@@ -74,13 +74,13 @@ std::string CMailx::Report(const map_crash_data_t& pCrashData,
     args = append_str_to_vector(args, arg_size, MAILX_COMMAND);
 
 //TODO: move email body generation to make_descr.cpp
-    std::string binaryFiles, commonFiles, additionalFiles, UUIDFile;
+    std::string binaryFiles, commonFiles, additionalFiles, DUPHASHFile;
     map_crash_data_t::const_iterator it;
     for (it = pCrashData.begin(); it != pCrashData.end(); it++)
     {
         if (it->second[CD_TYPE] == CD_TXT)
         {
-            if (it->first != CD_UUID
+            if (it->first != CD_DUPHASH
              && it->first != FILENAME_ARCHITECTURE
              && it->first != FILENAME_KERNEL
              && it->first != FILENAME_PACKAGE
@@ -90,12 +90,12 @@ std::string CMailx::Report(const map_crash_data_t& pCrashData,
                 additionalFiles += it->second[CD_CONTENT];
                 additionalFiles += "\n\n";
             }
-            else if (it->first == CD_UUID)
+            else if (it->first == CD_DUPHASH)
             {
-                UUIDFile += it->first;
-                UUIDFile += "\n-----\n";
-                UUIDFile += it->second[CD_CONTENT];
-                UUIDFile += "\n\n";
+                DUPHASHFile += it->first;
+                DUPHASHFile += "\n-----\n";
+                DUPHASHFile += it->second[CD_CONTENT];
+                DUPHASHFile += "\n\n";
             }
             else
             {
@@ -119,7 +119,7 @@ std::string CMailx::Report(const map_crash_data_t& pCrashData,
 
     std::string emailBody = "Duplicate check\n";
     emailBody += "=====\n\n";
-    emailBody += UUIDFile;
+    emailBody += DUPHASHFile;
     emailBody += "\nCommon information\n";
     emailBody += "=====\n\n";
     emailBody += commonFiles;
@@ -135,7 +135,7 @@ std::string CMailx::Report(const map_crash_data_t& pCrashData,
     args = append_str_to_vector(args, arg_size, m_sEmailTo.c_str());
 
     update_client(_("Sending an email..."));
-    const char *uid_str = get_crash_data_item_content(pCrashData, CD_MWUID).c_str();
+    const char *uid_str = get_crash_data_item_content(pCrashData, FILENAME_UID).c_str();
     exec_and_feed_input(xatoi_u(uid_str), emailBody.c_str(), args);
 
     while (*args)