From 0f941e5e5ac79aeb8b17b66a26e1f53ce17f1595 Mon Sep 17 00:00:00 2001
From: peijiankang
Date: Mon, 22 May 2023 13:26:29 +0800
Subject: [PATCH] fix createuser critical vulnerabilities
(cherry picked from commit a097a45538cbe0531529597eff46ece846604740)
---
 ...rUserPasswd-critical-vulnerabilities.patch | 7 +-
 fix-createuser-critical-vulnerabilities.patch | 82 +++++++++++++++++++
 ukui-control-center.spec | 6 +-
 3 files changed, 91 insertions(+), 4 deletions(-)
 create mode 100644 fix-createuser-critical-vulnerabilities.patch
diff --git a/fix-changeOtherUserPasswd-critical-vulnerabilities.patch b/fix-changeOtherUserPasswd-critical-vulnerabilities.patch
index 71efbf4..a67008e 100644
--- a/fix-changeOtherUserPasswd-critical-vulnerabilities.patch
+++ b/fix-changeOtherUserPasswd-critical-vulnerabilities.patch
@@ -6,7 +6,7 @@ Subject: [PATCH] fix changeOtherUserPasswd critical vulnerabilities
 ---
 registeredQDbus/sysdbusregister.cpp | 6 ++++--
 registeredQDbus/sysdbusregister.h | 2 +-
- 2 files changed, 5 insertions(+), 3 deletions(-)
+ 2 files changed, 6 insertions(+), 3 deletions(-)
 diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
 index 8b05278..476923f 100644
@@ -23,13 +23,14 @@ index 8b05278..476923f 100644
 return 0;
 }
-@@ -356,7 +358,7 @@ bool SysdbusRegister::checkCreateAuthorization()
+@@ -356,7 +358,8 @@ bool SysdbusRegister::checkCreateAuthorization()
 }
 }
 -bool SysdbusRegister::checkAuthorization(){
 +bool SysdbusRegister::checkAuthorization(qint64 id){
-
++ _id = id;
+
 if (_id == 0)
 return false;
 diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
diff --git a/fix-createuser-critical-vulnerabilities.patch b/fix-createuser-critical-vulnerabilities.patch
new file mode 100644
index 0000000..c08e307
--- /dev/null
+++ b/fix-createuser-critical-vulnerabilities.patch
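Review bot: In the second hunk, `checkAuthorization(qint64 id)` copies the caller's PID into the member `_id` and then tests the member, so the identity behind the authorization decision is held in object state shared by every D-Bus call on this service rather than in the call being handled. Using the parameter directly keeps the check tied to the request: `if (id == 0) return false;`, with `id` passed on to the rest of the check. The function body continues past the hunk, so whether `_id` is read further down, or by other methods, has to be confirmed against the full file. The same `_id = id;` line is added to `checkCreateAuthorization(qint64 id)` in fix-createuser-critical-vulnerabilities.patch.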
@@ -0,0 +1,82 @@
+From 5b7f91085ed6f4fd6d5a5f3fe0a90fac17dfa64a Mon Sep 17 00:00:00 2001
+From: peijiankang
+Date: Mon, 22 May 2023 14:38:31 +0800
+Subject: [PATCH] fix createuser critical vulnerabilities
+
+---
+ plugins/account/userinfo/changeuserpwd.cpp | 5 +----
+ plugins/account/userinfo/createusernew.cpp | 1 -
+ registeredQDbus/sysdbusregister.cpp | 7 +++++--
+ registeredQDbus/sysdbusregister.h | 2 +-
+ 4 files changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/plugins/account/userinfo/changeuserpwd.cpp b/plugins/account/userinfo/changeuserpwd.cpp
+index a216449..8017a9b 100644
+--- a/plugins/account/userinfo/changeuserpwd.cpp
++++ b/plugins/account/userinfo/changeuserpwd.cpp
+@@ -421,10 +421,7 @@ void ChangeUserPwd::setupConnect(){
+ return;
+ }
+
+- QDBusReply reply = tmpiface.call("setPid", QCoreApplication::applicationPid());
+- if (reply.isValid()){
+- tmpiface.call("changeOtherUserPasswd", name, newPwdLineEdit->text());
+- }
++ tmpiface.call("changeOtherUserPasswd", name, newPwdLineEdit->text());
+
+ this->accept();
+ });
+diff --git a/plugins/account/userinfo/createusernew.cpp b/plugins/account/userinfo/createusernew.cpp
+index ae378bf..22542ba 100644
+--- a/plugins/account/userinfo/createusernew.cpp
++++ b/plugins/account/userinfo/createusernew.cpp
+@@ -376,7 +376,6 @@ void CreateUserNew::setConnect(){
+
+ if (tmpSysinterface.isValid()){
+
+- tmpSysinterface.call("setPid", QCoreApplication::applicationPid());
+ tmpSysinterface.call("createUser", usernameLineEdit->text(), nicknameLineEdit->text(), typeBtnGroup->checkedId(), DEFAULTFACE, newPwdLineEdit->text());
+
+ } else {
+diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
+index 7f26c97..46766c3 100644
+--- a/registeredQDbus/sysdbusregister.cpp
++++ b/registeredQDbus/sysdbusregister.cpp
+@@ -303,7 +303,9 @@ int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
+ int SysdbusRegister::createUser(QString name, QString fullname, int accounttype, QString faceicon, QString pwd){
+
+ //密码校验
+- if (!checkCreateAuthorization()){
++ QDBusConnection conn = connection();
++ QDBusMessage msg = message();
++ if (!checkCreateAuthorization(conn.interface()->servicePid(msg.service()).value())){
+ return 0;
+ }
+
+@@ -336,8 +338,9 @@ int SysdbusRegister::createUser(QString name, QString fullname, int accounttype,
+
+ }
+
+-bool SysdbusRegister::checkCreateAuthorization()
++bool SysdbusRegister::checkCreateAuthorization(qint64 id)
+ {
++ _id = id;
+
+ if (_id == 0)
+ return false;
+diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
+index 0aca90d..9c413e6 100644
+--- a/registeredQDbus/sysdbusregister.h
++++ b/registeredQDbus/sysdbusregister.h
+@@ -51,7 +51,7 @@ public:
+ ~SysdbusRegister();
+
+ public:
+- bool checkCreateAuthorization();
++ bool checkCreateAuthorization(qint64 id);
+ bool checkAuthorization(qint64 id);
+ bool authoriyLogin(qint64 id);
+ bool authoriyAutoLogin(qint64 id);
+--
+2.39.1
+
diff --git a/ukui-control-center.spec b/ukui-control-center.spec
index f5fba19..0b67aaa 100644
--- a/ukui-control-center.spec
+++ b/ukui-control-center.spec
@@ -1,6 +1,6 @@
 Name: ukui-control-center
 Version: 3.1.2
-Release: 15
+Release: 16
 Summary: utilities to configure the UKUI desktop
 License: GPL-2+
 URL: http://www.ukui.org
@@ -17,6 +17,7 @@ Patch12: 0012-fix-add-group-failed-issue.patch
 Patch13: 0013-Fix-terminal-garbled-characters-when-not-root-user-change-locale-language.patch
 Patch14: 0014-fix-memorysize-of-aboutinfo.patch
 Patch15: fix-changeOtherUserPasswd-critical-vulnerabilities.patch
+Patch16: fix-createuser-critical-vulnerabilities.patch
 BuildRequires: qt5-qtsvg-devel
 BuildRequires: gsettings-qt-devel
@@ -142,6 +143,9 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
+* Mon May 22 2023 peijiankang - 3.1.2-16
+- fix createuser critical vulnerabilities
+
 * Mon May 22 2023 peijiankang - 3.1.2-15
 - fix changeOtherUserPasswd critical vulnerabilities
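Review bot: In `createUser`, the result of `servicePid(msg.service())` is consumed with `.value()` without checking the reply, so a failed lookup appears to be rejected only because the default value 0 hits the `_id == 0` test in `checkCreateAuthorization`. Making the failure explicit keeps the path fail-closed if that test ever changes: `QDBusReply<uint> pid = conn.interface()->servicePid(msg.service());` followed by `if (!pid.isValid() || !checkCreateAuthorization(pid.value())) return 0;`. The patch drops the client-side `setPid` calls, but no hunk here removes a `setPid` slot from sysdbusregister.cpp or sysdbusregister.h; if the service still exports it, any method that reads `_id` without deriving it from the message remains caller-controlled and should be audited. A PID is also a weak subject for an authorization decision because it can be reused between the lookup and the check, so binding the decision to the sender's bus name (`msg.service()`) is worth considering if the authorization backend accepts it. `createUser` and `checkCreateAuthorization` both continue outside the hunks shown.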