diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-21 02:56:53 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-21 02:56:53 +0100 |
commit | 6443695f275167adb123070daf2a6b6ecc0bb371 (patch) | |
tree | e55e9cb7795f3a5fb239793eab60f2320fe11cbc /src/CLI | |
parent | f1322558475277ffed7a9c61f4b9478b4dd1d46c (diff) | |
download | abrt-6443695f275167adb123070daf2a6b6ecc0bb371.tar.gz abrt-6443695f275167adb123070daf2a6b6ecc0bb371.tar.xz abrt-6443695f275167adb123070daf2a6b6ecc0bb371.zip |
abrtd: fix Report() dbus call gaping security holes
We were blindly trusting the values passed to us
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'src/CLI')
-rw-r--r-- | src/CLI/CLI.cpp | 8 | ||||
-rw-r--r-- | src/CLI/report.cpp | 12 |
2 files changed, 10 insertions, 10 deletions
diff --git a/src/CLI/CLI.cpp b/src/CLI/CLI.cpp index 5b96d7cb..a8786e99 100644 --- a/src/CLI/CLI.cpp +++ b/src/CLI/CLI.cpp @@ -55,7 +55,7 @@ static void print_crash_infos(vector_map_crash_data_t& pCrashInfos, int pMode) map_crash_data_t& info = pCrashInfos[ii]; if (pMode == OPT_GET_LIST_FULL || get_crash_data_item_content(info, CD_REPORTED) != "1") { - const char *timestr = get_crash_data_item_content(info, CD_TIME).c_str(); + const char *timestr = get_crash_data_item_content(info, FILENAME_TIME).c_str(); long time = strtol(timestr, NULL, 10); if (time == 0) error_msg_and_die("Error while converting time string."); @@ -73,10 +73,10 @@ static void print_crash_infos(vector_map_crash_data_t& pCrashInfos, int pMode) "\tCrash Time : %s\n" "\tCrash Count: %s\n"), ii, - get_crash_data_item_content(info, CD_UID).c_str(), + get_crash_data_item_content(info, FILENAME_UID).c_str(), get_crash_data_item_content(info, CD_UUID).c_str(), - get_crash_data_item_content(info, CD_PACKAGE).c_str(), - get_crash_data_item_content(info, CD_EXECUTABLE).c_str(), + get_crash_data_item_content(info, FILENAME_PACKAGE).c_str(), + get_crash_data_item_content(info, FILENAME_EXECUTABLE).c_str(), timeloc, get_crash_data_item_content(info, CD_COUNT).c_str() ); diff --git a/src/CLI/report.cpp b/src/CLI/report.cpp index 11037ca7..76cd3d5a 100644 --- a/src/CLI/report.cpp +++ b/src/CLI/report.cpp @@ -192,13 +192,13 @@ static void write_crash_report(const map_crash_data_t &report, FILE *fp) fprintf(fp, "# Please check this report. Lines starting with '#' will be ignored.\n" "# Lines starting with '%%----' separate fields, please do not delete them.\n\n"); - write_crash_report_field(fp, report, CD_COMMENT, + write_crash_report_field(fp, report, FILENAME_COMMENT, _("# Describe the circumstances of this crash below.")); - write_crash_report_field(fp, report, CD_REPRODUCE, + write_crash_report_field(fp, report, FILENAME_REPRODUCE, _("# How to reproduce the crash?")); write_crash_report_field(fp, report, FILENAME_BACKTRACE, _("# Stack trace: a list of active stack frames at the time the crash occurred\n# Check that it does not contain any sensitive data such as passwords.")); - write_crash_report_field(fp, report, CD_UUID, _("# UUID")); + write_crash_report_field(fp, report, CD_DUPHASH, "# DUPHASH"); write_crash_report_field(fp, report, FILENAME_ARCHITECTURE, _("# Architecture")); write_crash_report_field(fp, report, FILENAME_CMDLINE, _("# Command line")); write_crash_report_field(fp, report, FILENAME_COMPONENT, _("# Component")); @@ -282,10 +282,10 @@ static int read_crash_report_field(const char *text, map_crash_data_t &report, static int read_crash_report(map_crash_data_t &report, const char *text) { int result = 0; - result |= read_crash_report_field(text, report, CD_COMMENT); - result |= read_crash_report_field(text, report, CD_REPRODUCE); + result |= read_crash_report_field(text, report, FILENAME_COMMENT); + result |= read_crash_report_field(text, report, FILENAME_REPRODUCE); result |= read_crash_report_field(text, report, FILENAME_BACKTRACE); - result |= read_crash_report_field(text, report, CD_UUID); + result |= read_crash_report_field(text, report, CD_DUPHASH); result |= read_crash_report_field(text, report, FILENAME_ARCHITECTURE); result |= read_crash_report_field(text, report, FILENAME_CMDLINE); result |= read_crash_report_field(text, report, FILENAME_COMPONENT); |