packages/ukui-control-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ukui-control-center/fix-createuser-critical-vulnerabilities.patch
peijiankang 2d8d42d3fd update new version 3.1.2
2023-05-23 15:24:12 +08:00

83 lines
3.1 KiB
Diff
Raw Blame History

From 5b7f91085ed6f4fd6d5a5f3fe0a90fac17dfa64a Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Mon, 22 May 2023 14:38:31 +0800
Subject: [PATCH] fix createuser critical vulnerabilities
---
plugins/account/userinfo/changeuserpwd.cpp | 5 +----
plugins/account/userinfo/createusernew.cpp | 1 -
registeredQDbus/sysdbusregister.cpp | 7 +++++--
registeredQDbus/sysdbusregister.h | 2 +-
4 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/plugins/account/userinfo/changeuserpwd.cpp b/plugins/account/userinfo/changeuserpwd.cpp
index a216449..8017a9b 100644
--- a/plugins/account/userinfo/changeuserpwd.cpp
+++ b/plugins/account/userinfo/changeuserpwd.cpp
@@ -421,10 +421,7 @@ void ChangeUserPwd::setupConnect(){
return;
}
- QDBusReply<int> reply = tmpiface.call("setPid", QCoreApplication::applicationPid());
- if (reply.isValid()){
- tmpiface.call("changeOtherUserPasswd", name, newPwdLineEdit->text());
- }
+ tmpiface.call("changeOtherUserPasswd", name, newPwdLineEdit->text());
this->accept();
});
diff --git a/plugins/account/userinfo/createusernew.cpp b/plugins/account/userinfo/createusernew.cpp
index ae378bf..22542ba 100644
--- a/plugins/account/userinfo/createusernew.cpp
+++ b/plugins/account/userinfo/createusernew.cpp
@@ -376,7 +376,6 @@ void CreateUserNew::setConnect(){
if (tmpSysinterface.isValid()){
- tmpSysinterface.call("setPid", QCoreApplication::applicationPid());
tmpSysinterface.call("createUser", usernameLineEdit->text(), nicknameLineEdit->text(), typeBtnGroup->checkedId(), DEFAULTFACE, newPwdLineEdit->text());
} else {
diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
index 7f26c97..46766c3 100644
--- a/registeredQDbus/sysdbusregister.cpp
+++ b/registeredQDbus/sysdbusregister.cpp
@@ -303,7 +303,9 @@ int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
int SysdbusRegister::createUser(QString name, QString fullname, int accounttype, QString faceicon, QString pwd){
//密码校验
- if (!checkCreateAuthorization()){
+ QDBusConnection conn = connection();
+ QDBusMessage msg = message();
+ if (!checkCreateAuthorization(conn.interface()->servicePid(msg.service()).value())){
return 0;
}
@@ -336,8 +338,9 @@ int SysdbusRegister::createUser(QString name, QString fullname, int accounttype,
}
-bool SysdbusRegister::checkCreateAuthorization()
+bool SysdbusRegister::checkCreateAuthorization(qint64 id)
{
+ _id = id;
if (_id == 0)
return false;
diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
index 0aca90d..9c413e6 100644
--- a/registeredQDbus/sysdbusregister.h
+++ b/registeredQDbus/sysdbusregister.h
@@ -51,7 +51,7 @@ public:
~SysdbusRegister();
public:
- bool checkCreateAuthorization();
+ bool checkCreateAuthorization(qint64 id);
bool checkAuthorization(qint64 id);
bool authoriyLogin(qint64 id);
bool authoriyAutoLogin(qint64 id);
--
2.39.1
Reference in New Issue View Git Blame Copy Permalink