packages/ukui-control-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!153 [sync] PR-149: fix changeOtherUserPasswd critical vulnerabilities

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
This commit is contained in:
openeuler-ci-bot 2023-05-22 07:30:19 +00:00 committed by Gitee
commit 867f321f3e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
fix-changeOtherUserPasswd-critical-vulnerabilities.patch Normal file
View File

@ -0,0 +1,50 @@
From 41f79e92846945fe6adf55e25e80c38976a9845a Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Mon, 22 May 2023 10:54:44 +0800
Subject: [PATCH] fix changeOtherUserPasswd critical vulnerabilities
---
registeredQDbus/sysdbusregister.cpp | 6 ++++--
registeredQDbus/sysdbusregister.h | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
index 8b05278..476923f 100644
--- a/registeredQDbus/sysdbusregister.cpp
+++ b/registeredQDbus/sysdbusregister.cpp
@@ -288,7 +288,9 @@ int SysdbusRegister::_changeOtherUserPasswd(QString username, QString pwd){
int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
//密码校验
- if (!checkAuthorization()){
+ QDBusConnection conn = connection();
+ QDBusMessage msg = message();
+ if (!checkAuthorization(conn.interface()->servicePid(msg.service()).value())){
return 0;
}
@@ -356,7 +358,7 @@ bool SysdbusRegister::checkCreateAuthorization()
}
}
-bool SysdbusRegister::checkAuthorization(){
+bool SysdbusRegister::checkAuthorization(qint64 id){
if (_id == 0)
return false;
diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
index 7942715..0aca90d 100644
--- a/registeredQDbus/sysdbusregister.h
+++ b/registeredQDbus/sysdbusregister.h
@@ -52,7 +52,7 @@ public:
public:
bool checkCreateAuthorization();
- bool checkAuthorization();
+ bool checkAuthorization(qint64 id);
bool authoriyLogin(qint64 id);
bool authoriyAutoLogin(qint64 id);
bool authoriyDelete(qint64 id);
--
2.39.1

6
ukui-control-center.spec
View File

@ -1,6 +1,6 @@
Name: ukui-control-center Name: ukui-control-center
Version: 3.1.2 Version: 3.1.2
Release: 14 Release: 15
Summary: utilities to configure the UKUI desktop Summary: utilities to configure the UKUI desktop
License: GPL-2+ License: GPL-2+
URL: http://www.ukui.org URL: http://www.ukui.org
@ -16,6 +16,7 @@ Patch11: 0011-Fix-about-copyright-display-error.patch
Patch12: 0012-fix-add-group-failed-issue.patch Patch12: 0012-fix-add-group-failed-issue.patch
Patch13: 0013-Fix-terminal-garbled-characters-when-not-root-user-change-locale-language.patch Patch13: 0013-Fix-terminal-garbled-characters-when-not-root-user-change-locale-language.patch
Patch14: 0014-fix-memorysize-of-aboutinfo.patch Patch14: 0014-fix-memorysize-of-aboutinfo.patch
Patch15: fix-changeOtherUserPasswd-critical-vulnerabilities.patch
BuildRequires: qt5-qtsvg-devel BuildRequires: qt5-qtsvg-devel
BuildRequires: gsettings-qt-devel BuildRequires: gsettings-qt-devel
@ -141,6 +142,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Mon May 22 2023 peijiankang <peijiankang@kylinos.cn> - 3.1.2-15
- fix changeOtherUserPasswd critical vulnerabilities
* Thu Mar 30 2023 peijiankang <peijiankang@kylinos.cn> - 3.1.2-14 * Thu Mar 30 2023 peijiankang <peijiankang@kylinos.cn> - 3.1.2-14
- fix memorysize of aboutinfo - fix memorysize of aboutinfo