GHSL-2021-074: authentication bypass vulnerability in polkit

initial values returned if error caught

GHSL-2021-074: authentication bypass vulnerability in polkit
initial values returned if error caught
a04d13af · Jan Rybar · cd18b017 · a04d13af
Commit a04d13af authored Jun 02, 2021 by Jan Rybar
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

src/polkit/polkitsystembusname.c src/polkit/polkitsystembusname.c +3 -0

No files found.
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
  while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
    g_main_context_iteration (tmp_context, TRUE);

+  if (data.caught_error)
+    goto out;
+
  if (out_uid)
    *out_uid = data.uid;
  if (out_pid)