Commit c359201a authored by David Zeuthen's avatar David Zeuthen
Browse files

fix a grave bug where the wrong authorizations were returned

We were modifying the 'uid' parameter in _authdb_get_auths_for_uid();
I bet that if we had unit tests this bug would have been caught
earlier...
parent ea4910e6
...@@ -253,7 +253,7 @@ _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb) ...@@ -253,7 +253,7 @@ _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
*/ */
static KitList * static KitList *
_authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb, _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
uid_t uid, const uid_t uid,
PolKitError **error) PolKitError **error)
{ {
KitList *ret; KitList *ret;
...@@ -306,41 +306,46 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb, ...@@ -306,41 +306,46 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
goto out; goto out;
} }
len = strlen (standard_output); if (standard_output != NULL) {
uid_t uid2;
/* parse one line at a time (modifies standard_output in place) */ len = strlen (standard_output);
n = 0;
while (n < len) { uid2 = uid;
off_t m;
char *line; /* parse one line at a time (modifies standard_output in place) */
PolKitAuthorization *auth; n = 0;
while (n < len) {
m = n; off_t m;
while (m < len && standard_output[m] != '\0') { char *line;
if (standard_output[m] == '\n') PolKitAuthorization *auth;
m = n;
while (m < len && standard_output[m] != '\0') {
if (standard_output[m] == '\n')
break;
m++;
}
/* check EOF */
if (standard_output[m] == '\0')
break; break;
m++; standard_output[m] = '\0';
}
/* check EOF */ line = standard_output + n;
if (standard_output[m] == '\0')
break; if (strlen (line) >= 2 && strncmp (line, "#uid=", 5) == 0) {
standard_output[m] = '\0'; uid2 = (uid_t) atoi (line + 5);
}
line = standard_output + n;
if (strlen (line) >= 2 && strncmp (line, "#uid=", 5) == 0) {
uid = (uid_t) atoi (line + 5);
}
if (strlen (line) >= 2 && line[0] != '#') {
auth = _polkit_authorization_new_for_uid (line, uid);
if (auth != NULL) { if (strlen (line) >= 2 && line[0] != '#') {
ret = kit_list_prepend (ret, auth); auth = _polkit_authorization_new_for_uid (line, uid2);
if (auth != NULL) {
ret = kit_list_prepend (ret, auth);
}
} }
n = m + 1;
} }
n = m + 1;
} }
kit_hash_insert (authdb->uid_to_authlist, (void *) uid, ret); kit_hash_insert (authdb->uid_to_authlist, (void *) uid, ret);
...@@ -384,6 +389,11 @@ _internal_foreach (PolKitAuthorizationDB *authdb, ...@@ -384,6 +389,11 @@ _internal_foreach (PolKitAuthorizationDB *authdb,
for (l = auths; l != NULL; l = l->next) { for (l = auths; l != NULL; l = l->next) {
PolKitAuthorization *auth = l->data; PolKitAuthorization *auth = l->data;
//kit_warning ("%d: action_id=%s uid=%d",
// uid,
// polkit_authorization_get_action_id (auth),
// polkit_authorization_get_uid (auth));
if (action_id != NULL) { if (action_id != NULL) {
if (strcmp (polkit_authorization_get_action_id (auth), action_id) != 0) { if (strcmp (polkit_authorization_get_action_id (auth), action_id) != 0) {
continue; continue;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment