authorJohn (J5) Palmieri <johnp@redhat.com>2008-01-15 14:20:43 -0500
committerJohn (J5) Palmieri <johnp@redhat.com>2008-01-15 14:20:43 -0500
commit9db435926fb82409caa2b5a7139781a95f105a63 (patch)
tree66d90fdc0a098214cb29cdffd56538c45806c08d
parentc18415e2c6e151b773a90e66188714124ee8b867 (diff)
rewrite selinux error handling to not abort due to a NULL read
2008-01-15 John (J5) Palmieri <johnp@redhat.com> * bus/bus.c (bus_context_check_security_policy): rewrite selinux error handling to not abort due to a NULL read and to set the error only if it is not already set (Based off of FDO Bug #12430)
-rw-r--r--ChangeLog8
-rw-r--r--bus/bus.c36
2 files changed, 23 insertions, 21 deletions
diff --git a/ChangeLog b/ChangeLog
index 88d0a572..b254f8ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,15 @@
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+ * bus/bus.c (bus_context_check_security_policy): rewrite selinux error
+ handling to not abort due to a NULL read and to set the error only if
+ it is not already set (Based off of FDO Bug #12430)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* dbus/dbus-internals.c (_dbus_read_uuid_file_without_creating,
- _dbus_create_uuid_file_exclusively): add OOM handling
+ _dbus_create_uuid_file_exclusively): add OOM handling (FDO Bug #12952)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
diff --git a/bus/bus.c b/bus/bus.c
index 99e48569..864e48ba 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1180,27 +1180,23 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_error_name (message),
dest ? dest : DBUS_SERVICE_DBUS, error))
{
+ if (error != NULL && !dbus_error_is_set (error))
+ {
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+ "An SELinux policy prevents this sender "
+ "from sending this message to this recipient "
+ "(rejected message had interface \"%s\" "
+ "member \"%s\" error name \"%s\" destination \"%s\")",
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dest ? dest : DBUS_SERVICE_DBUS);
+ _dbus_verbose ("SELinux security check denying send to service\n");
+ }
- if (dbus_error_is_set (error) &&
- dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
- {
- return FALSE;
- }
-
-
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "An SELinux policy prevents this sender "
- "from sending this message to this recipient "
- "(rejected message had interface \"%s\" "
- "member \"%s\" error name \"%s\" destination \"%s\")",
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS);
- _dbus_verbose ("SELinux security check denying send to service\n");
return FALSE;
}
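Review bot: The `_dbus_verbose` denial trace now sits inside the `if (error != NULL && !dbus_error_is_set (error))` guard, so a send that is refused while `error` is NULL or already set (presumably by the SELinux check itself, whose body is not visible here) leaves no verbose record. The message is denied on both paths, so the trace belongs after the guard's closing brace, directly before `return FALSE;`: `_dbus_verbose ("SELinux security check denying send to service\n");`. A one-line comment on the guard, such as `/* error may be NULL; keep any error the SELinux check already set */`, would record why the condition exists. The call that opens this branch and the rest of bus_context_check_security_policy lie outside the hunk.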