pool/polkit
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 660357 from Base:System

Browse Source 
- polkit-CVE-2018-19788.patch: Fixed handling of UIDs over MAX_UINT
  (bsc#1118277 CVE-2018-19788) (forwarded request 660356 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/660357
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/polkit?expand=0&rev=64
This commit is contained in:
Dominique Leuenberger 2018-12-26 23:21:37 +00:00 committed by Git OBS Bridge
commit 3a5319c5e0
3 changed files with 190 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
polkit-CVE-2018-19788.patch Normal file
View File

@ -0,0 +1,181 @@
commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379
Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Mon Dec 3 10:28:58 2018 +0100
Allow negative uids/gids in PolkitUnixUser and Group objects
(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
there should be no users with such number, see
https://systemd.io/UIDS-GIDS#special-linux-uids.
(uid_t) -1 is used as the default value in class initialization.
When a user or group above INT32_MAX is created, the numeric uid or
gid wraps around to negative when the value is assigned to gint, and
polkit gets confused. Let's accept such gids, except for -1.
A nicer fix would be to change the underlying type to e.g. uint32 to
not have negative values. But this cannot be done without breaking the
API, so likely new functions will have to be added (a
polkit_unix_user_new variant that takes a unsigned, and the same for
_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
require a bigger patch.
Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
index c57a1aa..309f689 100644
--- a/src/polkit/polkitunixgroup.c
+++ b/src/polkit/polkitunixgroup.c
@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
static void
polkit_unix_group_init (PolkitUnixGroup *unix_group)
{
+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
}
static void
@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
GParamSpec *pspec)
{
PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
+ gint val;
switch (prop_id)
{
case PROP_GID:
- unix_group->gid = g_value_get_int (value);
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ unix_group->gid = val;
break;
default:
@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
g_param_spec_int ("gid",
"Group ID",
"The UNIX group ID",
- 0,
+ G_MININT,
G_MAXINT,
- 0,
+ -1,
G_PARAM_CONSTRUCT |
G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
*/
void
polkit_unix_group_set_gid (PolkitUnixGroup *group,
- gint gid)
+ gint gid)
{
g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
+ g_return_if_fail (gid != -1);
group->gid = gid;
}
@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
PolkitIdentity *
polkit_unix_group_new (gint gid)
{
+ g_return_val_if_fail (gid != -1, NULL);
+
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
"gid", gid,
NULL));
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index 972b777..b02b258 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
- case PROP_UID:
- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+ case PROP_UID: {
+ gint val;
+
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ polkit_unix_process_set_uid (unix_process, val);
break;
+ }
case PROP_START_TIME:
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
g_param_spec_int ("uid",
"User ID",
"The UNIX user ID",
- -1,
+ G_MININT,
G_MAXINT,
-1,
G_PARAM_CONSTRUCT |
@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
gint uid)
{
g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
- g_return_if_fail (uid >= -1);
process->uid = uid;
}
diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
index 8bfd3a1..234a697 100644
--- a/src/polkit/polkitunixuser.c
+++ b/src/polkit/polkitunixuser.c
@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
static void
polkit_unix_user_init (PolkitUnixUser *unix_user)
{
+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
unix_user->name = NULL;
}
@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
GParamSpec *pspec)
{
PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
+ gint val;
switch (prop_id)
{
case PROP_UID:
- unix_user->uid = g_value_get_int (value);
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ unix_user->uid = val;
break;
default:
@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
g_param_spec_int ("uid",
"User ID",
"The UNIX user ID",
- 0,
+ G_MININT,
G_MAXINT,
- 0,
+ -1,
G_PARAM_CONSTRUCT |
G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
gint uid)
{
g_return_if_fail (POLKIT_IS_UNIX_USER (user));
+ g_return_if_fail (uid != -1);
user->uid = uid;
}
@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
PolkitIdentity *
polkit_unix_user_new (gint uid)
{
+ g_return_val_if_fail (uid != -1, NULL);
+
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
"uid", uid,
NULL));

6
polkit.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Dec 20 17:29:58 UTC 2018 - meissner@suse.com
- polkit-CVE-2018-19788.patch: Fixed handling of UIDs over MAX_UINT
(bsc#1118277 CVE-2018-19788)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 17 07:56:08 UTC 2018 - bjorn.lie@gmail.com Fri Aug 17 07:56:08 UTC 2018 - bjorn.lie@gmail.com

3
polkit.spec
View File

@ -38,6 +38,8 @@ Patch2: pkexec.patch
Patch3: polkit-fix-possible-resource-leak.patch Patch3: polkit-fix-possible-resource-leak.patch
# PATCH-FIX-UPSTREAM polkit-fix-leaking-zombie-child-processes.patch fdo#106021 -- polkitd: fix zombie not reaped when js spawned process timed out # PATCH-FIX-UPSTREAM polkit-fix-leaking-zombie-child-processes.patch fdo#106021 -- polkitd: fix zombie not reaped when js spawned process timed out
Patch4: polkit-fix-leaking-zombie-child-processes.patch Patch4: polkit-fix-leaking-zombie-child-processes.patch
# PATCH-FIX-UPSTREAM polkit-CVE-2018-19788.patch bsc#1118277 meissner@suse.com -- 2cb40c4d5feeaa09325522bd7d97910f1b59e379
Patch5: polkit-CVE-2018-19788.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gtk-doc BuildRequires: gtk-doc
@ -123,6 +125,7 @@ This package provides the GObject Introspection bindings for PolicyKit.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%build %build
export V=1 export V=1