From 5b7f91085ed6f4fd6d5a5f3fe0a90fac17dfa64a Mon Sep 17 00:00:00 2001 From: peijiankang Date: Mon, 22 May 2023 14:38:31 +0800 Subject: [PATCH] fix createuser critical vulnerabilities --- plugins/account/userinfo/changeuserpwd.cpp | 5 +---- plugins/account/userinfo/createusernew.cpp | 1 - registeredQDbus/sysdbusregister.cpp | 7 +++++-- registeredQDbus/sysdbusregister.h | 2 +- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/plugins/account/userinfo/changeuserpwd.cpp b/plugins/account/userinfo/changeuserpwd.cpp index a216449..8017a9b 100644 --- a/plugins/account/userinfo/changeuserpwd.cpp +++ b/plugins/account/userinfo/changeuserpwd.cpp @@ -421,10 +421,7 @@ void ChangeUserPwd::setupConnect(){ return; } - QDBusReply reply = tmpiface.call("setPid", QCoreApplication::applicationPid()); - if (reply.isValid()){ - tmpiface.call("changeOtherUserPasswd", name, newPwdLineEdit->text()); - } + tmpiface.call("changeOtherUserPasswd", name, newPwdLineEdit->text()); this->accept(); }); diff --git a/plugins/account/userinfo/createusernew.cpp b/plugins/account/userinfo/createusernew.cpp index ae378bf..22542ba 100644 --- a/plugins/account/userinfo/createusernew.cpp +++ b/plugins/account/userinfo/createusernew.cpp @@ -376,7 +376,6 @@ void CreateUserNew::setConnect(){ if (tmpSysinterface.isValid()){ - tmpSysinterface.call("setPid", QCoreApplication::applicationPid()); tmpSysinterface.call("createUser", usernameLineEdit->text(), nicknameLineEdit->text(), typeBtnGroup->checkedId(), DEFAULTFACE, newPwdLineEdit->text()); } else { diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp index 7f26c97..46766c3 100644 --- a/registeredQDbus/sysdbusregister.cpp +++ b/registeredQDbus/sysdbusregister.cpp @@ -303,7 +303,9 @@ int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){ int SysdbusRegister::createUser(QString name, QString fullname, int accounttype, QString faceicon, QString pwd){ //密码校验 - if (!checkCreateAuthorization()){ + QDBusConnection conn = connection(); + QDBusMessage msg = message(); + if (!checkCreateAuthorization(conn.interface()->servicePid(msg.service()).value())){ return 0; } @@ -336,8 +338,9 @@ int SysdbusRegister::createUser(QString name, QString fullname, int accounttype, } -bool SysdbusRegister::checkCreateAuthorization() +bool SysdbusRegister::checkCreateAuthorization(qint64 id) { + _id = id; if (_id == 0) return false; diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h index 0aca90d..9c413e6 100644 --- a/registeredQDbus/sysdbusregister.h +++ b/registeredQDbus/sysdbusregister.h @@ -51,7 +51,7 @@ public: ~SysdbusRegister(); public: - bool checkCreateAuthorization(); + bool checkCreateAuthorization(qint64 id); bool checkAuthorization(qint64 id); bool authoriyLogin(qint64 id); bool authoriyAutoLogin(qint64 id); -- 2.39.1