diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-21 02:56:53 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-21 02:56:53 +0100 |
| commit | 6443695f275167adb123070daf2a6b6ecc0bb371 (patch) | |
| tree | e55e9cb7795f3a5fb239793eab60f2320fe11cbc /src/Daemon/CrashWatcher.cpp | |
| parent | f1322558475277ffed7a9c61f4b9478b4dd1d46c (diff) | |
| download | abrt-6443695f275167adb123070daf2a6b6ecc0bb371.tar.gz abrt-6443695f275167adb123070daf2a6b6ecc0bb371.tar.xz abrt-6443695f275167adb123070daf2a6b6ecc0bb371.zip | |
abrtd: fix Report() dbus call gaping security holes
We were blindly trusting the values passed to us
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'src/Daemon/CrashWatcher.cpp')
| -rw-r--r-- | src/Daemon/CrashWatcher.cpp | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/src/Daemon/CrashWatcher.cpp b/src/Daemon/CrashWatcher.cpp index 80d8cd47..93365f3b 100644 --- a/src/Daemon/CrashWatcher.cpp +++ b/src/Daemon/CrashWatcher.cpp @@ -57,12 +57,11 @@ vector_map_crash_data_t GetCrashInfos(const char *pUID) unsigned int ii; for (ii = 0; ii < UUIDsUIDs.size(); ii++) { - mw_result_t res; - map_crash_data_t info; const char *uuid = UUIDsUIDs[ii].first.c_str(); const char *uid = UUIDsUIDs[ii].second.c_str(); - res = FillCrashInfo(uuid, uid, info); + map_crash_data_t info; + mw_result_t res = FillCrashInfo(uuid, uid, info); switch (res) { case MW_OK: @@ -96,18 +95,18 @@ vector_map_crash_data_t GetCrashInfos(const char *pUID) * StartJob dbus call already did all the processing, and we just retrieve * the result from dump directory, which is fast. */ -map_crash_data_t CreateReport(const char* pUUID, const char* pUID, int force) +void CreateReport(const char* pUUID, const char* pUID, int force, map_crash_data_t& crashReport) { /* FIXME: starting from here, any shared data must be protected with a mutex. * For example, CreateCrashReport does: * g_pPluginManager->GetDatabase(g_settings_sDatabase.c_str()); * which is unsafe wrt concurrent updates to g_pPluginManager state. */ - map_crash_data_t crashReport; mw_result_t res = CreateCrashReport(pUUID, pUID, force, crashReport); switch (res) { case MW_OK: + VERB2 log_map_crash_data(crashReport, "crashReport"); break; case MW_IN_DB_ERROR: error_msg("Can't find crash with UUID %s in database", pUUID); @@ -120,7 +119,6 @@ map_crash_data_t CreateReport(const char* pUUID, const char* pUID, int force) DeleteDebugDump(pUUID, pUID); break; } - return crashReport; } typedef struct thread_data_t { @@ -140,7 +138,8 @@ static void* create_report(void* arg) try { log("Creating report..."); - map_crash_data_t crashReport = CreateReport(thread_data->UUID, thread_data->UID, thread_data->force); + map_crash_data_t crashReport; + CreateReport(thread_data->UUID, thread_data->UID, thread_data->force, crashReport); g_pCommLayer->JobDone(thread_data->peer, thread_data->UUID); } catch (CABRTException& e) |