abrtd: fix Report() dbus call gaping security holes

We were blindly trusting the values passed to us

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

2 files changed, 10 insertions, 10 deletions

diff --git a/src/CLI/CLI.cpp b/src/CLI/CLI.cpp
index 5b96d7cb..a8786e99 100644
--- a/src/CLI/CLI.cpp
+++ b/src/CLI/CLI.cpp
@@ -55,7 +55,7 @@ static void print_crash_infos(vector_map_crash_data_t& pCrashInfos, int pMode)
         map_crash_data_t& info = pCrashInfos[ii];
         if (pMode == OPT_GET_LIST_FULL || get_crash_data_item_content(info, CD_REPORTED) != "1")
         {
-            const char *timestr = get_crash_data_item_content(info, CD_TIME).c_str();
+            const char *timestr = get_crash_data_item_content(info, FILENAME_TIME).c_str();
             long time = strtol(timestr, NULL, 10);
             if (time == 0)
                 error_msg_and_die("Error while converting time string.");
@@ -73,10 +73,10 @@ static void print_crash_infos(vector_map_crash_data_t& pCrashInfos, int pMode)
                    "\tCrash Time : %s\n"
                    "\tCrash Count: %s\n"),
                 ii,
-                get_crash_data_item_content(info, CD_UID).c_str(),
+                get_crash_data_item_content(info, FILENAME_UID).c_str(),
                 get_crash_data_item_content(info, CD_UUID).c_str(),
-                get_crash_data_item_content(info, CD_PACKAGE).c_str(),
-                get_crash_data_item_content(info, CD_EXECUTABLE).c_str(),
+                get_crash_data_item_content(info, FILENAME_PACKAGE).c_str(),
+                get_crash_data_item_content(info, FILENAME_EXECUTABLE).c_str(),
                 timeloc,
                 get_crash_data_item_content(info, CD_COUNT).c_str()
             );
diff --git a/src/CLI/report.cpp b/src/CLI/report.cpp
index 11037ca7..76cd3d5a 100644
--- a/src/CLI/report.cpp
+++ b/src/CLI/report.cpp
@@ -192,13 +192,13 @@ static void write_crash_report(const map_crash_data_t &report, FILE *fp)
   fprintf(fp, "# Please check this report. Lines starting with '#' will be ignored.\n"
 	  "# Lines starting with '%%----' separate fields, please do not delete them.\n\n");
 
-  write_crash_report_field(fp, report, CD_COMMENT,
+  write_crash_report_field(fp, report, FILENAME_COMMENT,
 			   _("# Describe the circumstances of this crash below."));
-  write_crash_report_field(fp, report, CD_REPRODUCE,
+  write_crash_report_field(fp, report, FILENAME_REPRODUCE,
 			   _("# How to reproduce the crash?"));
   write_crash_report_field(fp, report, FILENAME_BACKTRACE,
 			   _("# Stack trace: a list of active stack frames at the time the crash occurred\n# Check that it does not contain any sensitive data such as passwords."));
-  write_crash_report_field(fp, report, CD_UUID, _("# UUID"));
+  write_crash_report_field(fp, report, CD_DUPHASH, "# DUPHASH");
   write_crash_report_field(fp, report, FILENAME_ARCHITECTURE, _("# Architecture"));
   write_crash_report_field(fp, report, FILENAME_CMDLINE, _("# Command line"));
   write_crash_report_field(fp, report, FILENAME_COMPONENT, _("# Component"));
@@ -282,10 +282,10 @@ static int read_crash_report_field(const char *text, map_crash_data_t &report,
 static int read_crash_report(map_crash_data_t &report, const char *text)
 {
   int result = 0;
-  result |= read_crash_report_field(text, report, CD_COMMENT);
-  result |= read_crash_report_field(text, report, CD_REPRODUCE);
+  result |= read_crash_report_field(text, report, FILENAME_COMMENT);
+  result |= read_crash_report_field(text, report, FILENAME_REPRODUCE);
   result |= read_crash_report_field(text, report, FILENAME_BACKTRACE);
-  result |= read_crash_report_field(text, report, CD_UUID);
+  result |= read_crash_report_field(text, report, CD_DUPHASH);
   result |= read_crash_report_field(text, report, FILENAME_ARCHITECTURE);
   result |= read_crash_report_field(text, report, FILENAME_CMDLINE);
   result |= read_crash_report_field(text, report, FILENAME_COMPONENT);