diff options
author | Colin Walters <walters@redhat.com> | 2015-05-30 09:06:23 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2015-06-03 15:56:59 -0400 |
commit | 48e646918efb2bf0b3b505747655726d7869f31c (patch) | |
tree | 6f46f419487da39bcf5407ffd96e8d4d34608e45 /.gitignore | |
parent | 87b2290c03f28841594451c7276e0ca44970c1fe (diff) | |
download | polkit-48e646918efb2bf0b3b505747655726d7869f31c.tar.gz |
CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent
Properly propagate the error, otherwise we dereference a `NULL`
pointer. This is a local, authenticated DoS.
`RegisterAuthenticationAgentWithOptions` and
`UnregisterAuthentication` have been validated to not need changes for
this.
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
https://bugs.freedesktop.org/show_bug.cgi?id=90829
Reported-by: Tavis Ormandy <taviso@google.com>
Reviewed-by: Philip Withnall <philip@tecnocode.co.uk>
Reviewed-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Colin Walters <walters@redhat.com>
Diffstat (limited to '.gitignore')
0 files changed, 0 insertions, 0 deletions