51 lines
1.6 KiB
Diff
51 lines
1.6 KiB
Diff
From 41f79e92846945fe6adf55e25e80c38976a9845a Mon Sep 17 00:00:00 2001
|
|
From: peijiankang <peijiankang@kylinos.cn>
|
|
Date: Mon, 22 May 2023 10:54:44 +0800
|
|
Subject: [PATCH] fix changeOtherUserPasswd critical vulnerabilities
|
|
|
|
---
|
|
registeredQDbus/sysdbusregister.cpp | 6 ++++--
|
|
registeredQDbus/sysdbusregister.h | 2 +-
|
|
2 files changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
|
|
index 8b05278..476923f 100644
|
|
--- a/registeredQDbus/sysdbusregister.cpp
|
|
+++ b/registeredQDbus/sysdbusregister.cpp
|
|
@@ -288,7 +288,9 @@ int SysdbusRegister::_changeOtherUserPasswd(QString username, QString pwd){
|
|
int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
|
|
|
|
//密码校验
|
|
- if (!checkAuthorization()){
|
|
+ QDBusConnection conn = connection();
|
|
+ QDBusMessage msg = message();
|
|
+ if (!checkAuthorization(conn.interface()->servicePid(msg.service()).value())){
|
|
return 0;
|
|
}
|
|
|
|
@@ -356,7 +358,7 @@ bool SysdbusRegister::checkCreateAuthorization()
|
|
}
|
|
}
|
|
|
|
-bool SysdbusRegister::checkAuthorization(){
|
|
+bool SysdbusRegister::checkAuthorization(qint64 id){
|
|
|
|
if (_id == 0)
|
|
return false;
|
|
diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
|
|
index 7942715..0aca90d 100644
|
|
--- a/registeredQDbus/sysdbusregister.h
|
|
+++ b/registeredQDbus/sysdbusregister.h
|
|
@@ -52,7 +52,7 @@ public:
|
|
|
|
public:
|
|
bool checkCreateAuthorization();
|
|
- bool checkAuthorization();
|
|
+ bool checkAuthorization(qint64 id);
|
|
bool authoriyLogin(qint64 id);
|
|
bool authoriyAutoLogin(qint64 id);
|
|
bool authoriyDelete(qint64 id);
|
|
--
|
|
2.39.1
|
|
|