Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
P
polkit
Manage
Activity
Members
Labels
Code
Merge requests
1
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Operate
Environments
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Debian Utopia Team
polkit
Commits
7d797730
Commit
7d797730
authored
2 years ago
by
Simon McVittie
Browse files
Options
Downloads
Patches
Plain Diff
Add patch to fix a crash when one authorization implies another
parent
afe61209
No related branches found
No related tags found
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
debian/patches/Fix-a-crash-when-authorization-is-implied.patch
+34
-0
34 additions, 0 deletions
...n/patches/Fix-a-crash-when-authorization-is-implied.patch
debian/patches/series
+1
-0
1 addition, 0 deletions
debian/patches/series
with
35 additions
and
0 deletions
debian/patches/Fix-a-crash-when-authorization-is-implied.patch
0 → 100644
+
34
−
0
View file @
7d797730
From: Simon McVittie <smcv@debian.org>
Date: Wed, 23 Feb 2022 19:17:45 +0000
Subject: Fix a crash when authorization is implied
If authorization for one action is implied by authorization for another
action, the previous code unreffed result_details but did not set it to
null, and then jumped to "out" which tries to unref it again. This will
often be a use-after-free that leads to a crash.
This would often not be noticeable in practice, because polkitd gets
restarted automatically by D-Bus activation.
Commit 3b7868b3 "Make it possible for JS code to change details" deleted
this code as part of a larger refactor in newer upstream versions,
but we are 9 years behind upstream as a result of it not being clear
how best to handle the JavaScript dependency in newer versions.
Forwarded: not-needed, part of a larger commit upstream
---
src/polkitbackend/polkitbackendinteractiveauthority.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 1e17dfd..3185214 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -1232,7 +1232,6 @@
check_authorization_sync (PolkitBackendAuthority *authority,
g_debug (" is authorized (implied by %s)", imply_action_id);
result = implied_result;
/* cleanup */
- g_object_unref (result_details);
g_strfreev (tokens);
goto out;
}
This diff is collapsed.
Click to expand it.
debian/patches/series
+
1
−
0
View file @
7d797730
...
@@ -63,3 +63,4 @@ Statically-link-libpolkit-backend1-into-polkitd.patch
...
@@ -63,3 +63,4 @@ Statically-link-libpolkit-backend1-into-polkitd.patch
Remove-example-null-backend.patch
Remove-example-null-backend.patch
debian/01_pam_polkit.patch
debian/01_pam_polkit.patch
debian/05_revert-admin-identities-unix-group-wheel.patch
debian/05_revert-admin-identities-unix-group-wheel.patch
Fix-a-crash-when-authorization-is-implied.patch
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment