Compare commits
2 Commits
Author | SHA1 | Date |
---|---|---|
Jan Rybar | ca7bbe4e68 | |
Jan Rybar | 696e5a6a0c |
|
@ -0,0 +1,71 @@
|
|||
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
|
||||
index 8ed1363..2fbf5f1 100644
|
||||
--- a/src/polkit/polkitsystembusname.c
|
||||
+++ b/src/polkit/polkitsystembusname.c
|
||||
@@ -62,6 +62,10 @@ enum
|
||||
PROP_NAME,
|
||||
};
|
||||
|
||||
+
|
||||
+guint8 dbus_call_respond_fails; // has to be global because of callback
|
||||
+
|
||||
+
|
||||
static void subject_iface_init (PolkitSubjectIface *subject_iface);
|
||||
|
||||
G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
|
||||
@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
|
||||
if (!v)
|
||||
{
|
||||
data->caught_error = TRUE;
|
||||
+ dbus_call_respond_fails += 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
||||
tmp_context = g_main_context_new ();
|
||||
g_main_context_push_thread_default (tmp_context);
|
||||
|
||||
+ dbus_call_respond_fails = 0;
|
||||
+
|
||||
/* Do two async calls as it's basically as fast as one sync call.
|
||||
*/
|
||||
g_dbus_connection_call (connection,
|
||||
@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
||||
on_retrieved_unix_uid_pid,
|
||||
&data);
|
||||
|
||||
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
|
||||
- g_main_context_iteration (tmp_context, TRUE);
|
||||
+ while (TRUE)
|
||||
+ {
|
||||
+ /* If one dbus call returns error, we must wait until the other call
|
||||
+ * calls _call_finish(), otherwise fd leak is possible.
|
||||
+ * Resolves: GHSL-2021-077
|
||||
+ */
|
||||
|
||||
- if (data.caught_error)
|
||||
- goto out;
|
||||
+ if ( (dbus_call_respond_fails > 1) )
|
||||
+ {
|
||||
+ // we got two faults, we can leave
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
|
||||
+ {
|
||||
+ // we got one fault and the other call finally finished, we can leave
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if ( !(data.retrieved_uid && data.retrieved_pid) )
|
||||
+ {
|
||||
+ g_main_context_iteration (tmp_context, TRUE);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if (out_uid)
|
||||
*out_uid = data.uid;
|
|
@ -0,0 +1,103 @@
|
|||
From 4910132853ad68dbe8f4e7710dd098120d1b9b95 Mon Sep 17 00:00:00 2001
|
||||
From: Xi Ruoyao <xry111@mengyan1223.wang>
|
||||
Date: Tue, 25 Jan 2022 19:19:30 +0800
|
||||
Subject: [PATCH 1/3] jsauthority: ensure to call JS_Init() and JS_ShutDown()
|
||||
exactly once
|
||||
|
||||
Before this commit, we were calling JS_Init() in
|
||||
polkit_backend_js_authority_class_init and never called JS_ShutDown.
|
||||
This is actually a misusage of SpiderMonkey API. Quote from a comment
|
||||
in js/Initialization.h (both mozjs-78 and mozjs-91):
|
||||
|
||||
It is currently not possible to initialize SpiderMonkey multiple
|
||||
times (that is, calling JS_Init/JSAPI methods/JS_ShutDown in that
|
||||
order, then doing so again).
|
||||
|
||||
This misusage does not cause severe issues with mozjs-78. However, when
|
||||
we eventually port jsauthority to use mozjs-91, bad thing will happen:
|
||||
see the test failure mentioned in #150.
|
||||
|
||||
This commit is tested with both mozjs-78 and mozjs-91, all tests pass
|
||||
with it.
|
||||
---
|
||||
src/polkitbackend/polkitbackendjsauthority.cpp | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
index ca17108..b22c34e 100644
|
||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
@@ -75,6 +75,13 @@
|
||||
|
||||
/* ---------------------------------------------------------------------------------------------------- */
|
||||
|
||||
+static class JsInitHelperType
|
||||
+{
|
||||
+public:
|
||||
+ JsInitHelperType() { JS_Init(); }
|
||||
+ ~JsInitHelperType() { JS_ShutDown(); }
|
||||
+} JsInitHelper;
|
||||
+
|
||||
struct _PolkitBackendJsAuthorityPrivate
|
||||
{
|
||||
gchar **rules_dirs;
|
||||
@@ -589,7 +596,6 @@ polkit_backend_js_authority_finalize (GObject *object)
|
||||
delete authority->priv->js_polkit;
|
||||
|
||||
JS_DestroyContext (authority->priv->cx);
|
||||
- /* JS_ShutDown (); */
|
||||
|
||||
G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object);
|
||||
}
|
||||
@@ -666,7 +672,6 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
|
||||
|
||||
g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate));
|
||||
|
||||
- JS_Init ();
|
||||
}
|
||||
|
||||
/* ---------------------------------------------------------------------------------------------------- */
|
||||
--
|
||||
GitLab
|
||||
|
||||
|
||||
From 2b5f49a4e4266d2c327ef55e6df121511e23236b Mon Sep 17 00:00:00 2001
|
||||
From: Xi Ruoyao <xry111@mengyan1223.wang>
|
||||
Date: Tue, 25 Jan 2022 19:20:58 +0800
|
||||
Subject: [PATCH 2/3] jsauthority: port to mozjs-91
|
||||
|
||||
---
|
||||
configure.ac | 2 +-
|
||||
meson.build | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index e434ca2..6783ee7 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
|
||||
AC_SUBST(GLIB_CFLAGS)
|
||||
AC_SUBST(GLIB_LIBS)
|
||||
|
||||
-PKG_CHECK_MODULES(LIBJS, [mozjs-78])
|
||||
+PKG_CHECK_MODULES(LIBJS, [mozjs-91])
|
||||
|
||||
AC_SUBST(LIBJS_CFLAGS)
|
||||
AC_SUBST(LIBJS_CXXFLAGS)
|
||||
--
|
||||
diff --git a/meson.build b/meson.build
|
||||
index 858078d..09cce0f 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -133,7 +133,7 @@ expat_dep = dependency('expat')
|
||||
assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.')
|
||||
assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.')
|
||||
|
||||
-mozjs_dep = dependency('mozjs-78')
|
||||
+mozjs_dep = dependency('mozjs-91')
|
||||
|
||||
dbus_dep = dependency('dbus-1', required: false)
|
||||
dbus_policydir = pk_prefix / pk_datadir / 'dbus-1/system.d'
|
||||
--
|
||||
GitLab
|
||||
|
14
polkit.spec
14
polkit.spec
|
@ -6,13 +6,16 @@
|
|||
Summary: An authorization framework
|
||||
Name: polkit
|
||||
Version: 0.120
|
||||
Release: 3%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: http://www.freedesktop.org/wiki/Software/polkit
|
||||
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
|
||||
|
||||
Patch1: a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
|
||||
Patch2: CVE-2021-4115.patch
|
||||
# https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/92
|
||||
Patch3: mozjs91.patch
|
||||
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: glib2-devel >= 2.30.0
|
||||
|
@ -22,7 +25,7 @@ BuildRequires: gtk-doc
|
|||
BuildRequires: intltool
|
||||
BuildRequires: gobject-introspection-devel
|
||||
BuildRequires: systemd, systemd-devel
|
||||
BuildRequires: pkgconfig(mozjs-78)
|
||||
BuildRequires: pkgconfig(mozjs-91)
|
||||
BuildRequires: git
|
||||
|
||||
%if 0%{?enable_autoreconf}
|
||||
|
@ -176,6 +179,13 @@ exit 0
|
|||
%{_libdir}/girepository-1.0/*.typelib
|
||||
|
||||
%changelog
|
||||
* Sun Feb 20 2022 Jan Rybar <jrybar@redhat.com> - 0.120-5
|
||||
- switch to mozjs91
|
||||
|
||||
* Wed Feb 16 2022 Jan Rybar <jrybar@redhat.com> - 0.120-4
|
||||
- file descriptor exhaustion (GHSL-2021-077)
|
||||
- Resolves: CVE-2021-4115
|
||||
|
||||
* Wed Jan 26 2022 Timothée Ravier <tim@siosm.fr> - 0.120-3
|
||||
- Fix for CVE-2021-4034
|
||||
|
||||
|
|
Loading…
Reference in New Issue