2 files changed, 23 insertions, 21 deletions

diff --git a/ChangeLog b/ChangeLog
index 88d0a572..b254f8ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,15 @@
 2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
 
+	* bus/bus.c (bus_context_check_security_policy): rewrite selinux error
+	handling to not abort due to a NULL read and to set the error only if
+	it is not already set (Based off of FDO Bug #12430)
+
+2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
+
 	* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
 
 	* dbus/dbus-internals.c (_dbus_read_uuid_file_without_creating,
-	_dbus_create_uuid_file_exclusively): add OOM handling
+	_dbus_create_uuid_file_exclusively): add OOM handling (FDO Bug #12952)
 
 2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
 
diff --git a/bus/bus.c b/bus/bus.c
index 99e48569..864e48ba 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1180,27 +1180,23 @@ bus_context_check_security_policy (BusContext     *context,
 				    dbus_message_get_error_name (message),
 				    dest ? dest : DBUS_SERVICE_DBUS, error))
         {
+          if (error != NULL && !dbus_error_is_set (error))
+            {
+              dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+                              "An SELinux policy prevents this sender "
+                              "from sending this message to this recipient "
+                              "(rejected message had interface \"%s\" "
+                              "member \"%s\" error name \"%s\" destination \"%s\")",
+                              dbus_message_get_interface (message) ?
+                              dbus_message_get_interface (message) : "(unset)",
+                              dbus_message_get_member (message) ?
+                              dbus_message_get_member (message) : "(unset)",
+                              dbus_message_get_error_name (message) ?
+                              dbus_message_get_error_name (message) : "(unset)",
+                              dest ? dest : DBUS_SERVICE_DBUS);
+              _dbus_verbose ("SELinux security check denying send to service\n");
+            }
 
-	  if (dbus_error_is_set (error) &&
-	      dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
-	    {
-	      return FALSE;
-	    }
-	  
-
-          dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
-                          "An SELinux policy prevents this sender "
-                          "from sending this message to this recipient "
-                          "(rejected message had interface \"%s\" "
-                          "member \"%s\" error name \"%s\" destination \"%s\")",
-                          dbus_message_get_interface (message) ?
-                          dbus_message_get_interface (message) : "(unset)",
-                          dbus_message_get_member (message) ?
-                          dbus_message_get_member (message) : "(unset)",
-                          dbus_message_get_error_name (message) ?
-                          dbus_message_get_error_name (message) : "(unset)",
-                          dest ? dest : DBUS_SERVICE_DBUS);
-          _dbus_verbose ("SELinux security check denying send to service\n");
           return FALSE;
         }