summaryrefslogtreecommitdiff
path: root/user/polkit/CVE-2015-3255.patch
diff options
context:
space:
mode:
Diffstat (limited to 'user/polkit/CVE-2015-3255.patch')
-rw-r--r--user/polkit/CVE-2015-3255.patch67
1 files changed, 67 insertions, 0 deletions
diff --git a/user/polkit/CVE-2015-3255.patch b/user/polkit/CVE-2015-3255.patch
new file mode 100644
index 000000000..1bd7c6bcf
--- /dev/null
+++ b/user/polkit/CVE-2015-3255.patch
@@ -0,0 +1,67 @@
+From 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
+Date: Wed, 1 Apr 2015 05:22:37 +0200
+Subject: CVE-2015-3255 Fix GHashTable usage.
+
+Don't assume that the hash table with free both the key and the value
+at the same time, supply proper deallocation functions for the key
+and value separately.
+
+Then drop ParsedAction::action_id which is no longer used for anything.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=69501
+and
+https://bugs.freedesktop.org/show_bug.cgi?id=83590
+
+CVE: CVE-2015-3255
+
+diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
+index bc14381..3894fe9 100644
+--- a/src/polkitbackend/polkitbackendactionpool.c
++++ b/src/polkitbackend/polkitbackendactionpool.c
+@@ -40,7 +40,6 @@
+
+ typedef struct
+ {
+- gchar *action_id;
+ gchar *vendor_name;
+ gchar *vendor_url;
+ gchar *icon_name;
+@@ -62,7 +61,6 @@ typedef struct
+ static void
+ parsed_action_free (ParsedAction *action)
+ {
+- g_free (action->action_id);
+ g_free (action->vendor_name);
+ g_free (action->vendor_url);
+ g_free (action->icon_name);
+@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool)
+
+ priv->parsed_actions = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+- NULL,
++ g_free,
+ (GDestroyNotify) parsed_action_free);
+
+ priv->parsed_files = g_hash_table_new_full (g_str_hash,
+@@ -988,7 +986,6 @@ _end (void *data, const char *el)
+ icon_name = pd->global_icon_name;
+
+ action = g_new0 (ParsedAction, 1);
+- action->action_id = g_strdup (pd->action_id);
+ action->vendor_name = g_strdup (vendor);
+ action->vendor_url = g_strdup (vendor_url);
+ action->icon_name = g_strdup (icon_name);
+@@ -1003,7 +1000,8 @@ _end (void *data, const char *el)
+ action->implicit_authorization_inactive = pd->implicit_authorization_inactive;
+ action->implicit_authorization_active = pd->implicit_authorization_active;
+
+- g_hash_table_insert (priv->parsed_actions, action->action_id, action);
++ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id),
++ action);
+
+ /* we steal these hash tables */
+ pd->annotations = NULL;
+--
+cgit v0.10.2
+