diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-21 02:56:53 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-21 02:56:53 +0100 |
commit | 6443695f275167adb123070daf2a6b6ecc0bb371 (patch) | |
tree | e55e9cb7795f3a5fb239793eab60f2320fe11cbc /lib/Utils/make_descr.cpp | |
parent | f1322558475277ffed7a9c61f4b9478b4dd1d46c (diff) | |
download | abrt-6443695f275167adb123070daf2a6b6ecc0bb371.tar.gz abrt-6443695f275167adb123070daf2a6b6ecc0bb371.tar.xz abrt-6443695f275167adb123070daf2a6b6ecc0bb371.zip |
abrtd: fix Report() dbus call gaping security holes
We were blindly trusting the values passed to us
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'lib/Utils/make_descr.cpp')
-rw-r--r-- | lib/Utils/make_descr.cpp | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/Utils/make_descr.cpp b/lib/Utils/make_descr.cpp index e74e9b1d..a3ff5e24 100644 --- a/lib/Utils/make_descr.cpp +++ b/lib/Utils/make_descr.cpp @@ -58,13 +58,13 @@ string make_description_bz(const map_crash_data_t& pCrashData) map_crash_data_t::const_iterator end = pCrashData.end(); bool was_multiline = 0; - it = pCrashData.find(CD_REPRODUCE); + it = pCrashData.find(FILENAME_REPRODUCE); if (it != end && it->second[CD_CONTENT] != "1.\n2.\n3.\n") { add_content(was_multiline, description, "How to reproduce", it->second[CD_CONTENT].c_str()); } - it = pCrashData.find(CD_COMMENT); + it = pCrashData.find(FILENAME_COMMENT); if (it != end) { add_content(was_multiline, description, "Comment", it->second[CD_CONTENT].c_str()); @@ -80,11 +80,11 @@ string make_description_bz(const map_crash_data_t& pCrashData) { if (content.size() <= CD_TEXT_ATT_SIZE) { - if (filename != CD_UUID + if (filename != CD_DUPHASH && filename != FILENAME_ARCHITECTURE && filename != FILENAME_RELEASE - && filename != CD_REPRODUCE - && filename != CD_COMMENT + && filename != FILENAME_REPRODUCE + && filename != FILENAME_COMMENT ) { add_content(was_multiline, description, filename.c_str(), content.c_str()); } @@ -147,7 +147,7 @@ string make_description_catcut(const map_crash_data_t& pCrashData) map_crash_data_t::const_iterator it; string howToReproduce; - it = pCrashData.find(CD_REPRODUCE); + it = pCrashData.find(FILENAME_REPRODUCE); if (it != end) { howToReproduce = "\n\nHow to reproduce\n" @@ -155,7 +155,7 @@ string make_description_catcut(const map_crash_data_t& pCrashData) howToReproduce += it->second[CD_CONTENT]; } string comment; - it = pCrashData.find(CD_COMMENT); + it = pCrashData.find(FILENAME_COMMENT); if (it != end) { comment = "\n\nComment\n" @@ -178,11 +178,11 @@ string make_description_catcut(const map_crash_data_t& pCrashData) { if (content.length() <= CD_TEXT_ATT_SIZE) { - if (filename != CD_UUID + if (filename != CD_DUPHASH && filename != FILENAME_ARCHITECTURE && filename != FILENAME_RELEASE - && filename != CD_REPRODUCE - && filename != CD_COMMENT + && filename != FILENAME_REPRODUCE + && filename != FILENAME_COMMENT ) { pDescription += '\n'; pDescription += filename; |