rpms/polkit
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import polkit-0.115-13.el8_5.1

Browse Source
This commit is contained in:
CentOS Sources 2022-01-25 12:40:35 -05:00 committed by Stepan Oksanichenko
parent 5948bcba1d
commit 133a8fbc24
2 changed files with 75 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
SOURCES/polkit-0.115-CVE-2021-4034.patch Normal file
View File

@ -0,0 +1,69 @@
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
index f1bb4e1..aff4f60 100644
--- a/src/programs/pkcheck.c
+++ b/src/programs/pkcheck.c
@@ -363,6 +363,12 @@ main (int argc, char *argv[])
local_agent_handle = NULL;
ret = 126;
+ if (argc < 1)
+ {
+ help();
+ exit(1);
+ }
+
/* Disable remote file access from GIO. */
setenv ("GIO_USE_VFS", "local", 1);
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 7698c5c..d84dc57 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -488,6 +488,17 @@ main (int argc, char *argv[])
pid_t pid_of_caller;
gpointer local_agent_handle;
+
+ /*
+ * If 'pkexec' is called wrong, just show help and bail out.
+ */
+ if (argc<1)
+ {
+ clearenv();
+ usage(argc, argv);
+ exit(1);
+ }
+
ret = 127;
authority = NULL;
subject = NULL;
@@ -614,10 +625,10 @@ main (int argc, char *argv[])
path = g_strdup (pwstruct.pw_shell);
if (!path)
- {
+ {
g_printerr ("No shell configured or error retrieving pw_shell\n");
goto out;
- }
+ }
/* If you change this, be sure to change the if (!command_line)
case below too */
command_line = g_strdup (path);
@@ -636,7 +647,15 @@ main (int argc, char *argv[])
goto out;
}
g_free (path);
- argv[n] = path = s;
+ path = s;
+
+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
+ */
+ if (argv[n] != NULL)
+ {
+ argv[n] = path;
+ }
}
if (access (path, F_OK) != 0)
{

7
SPECS/polkit.spec
View File

@ -6,7 +6,7 @@
Summary: An authorization framework Summary: An authorization framework
Name: polkit Name: polkit
Version: 0.115 Version: 0.115
Release: 12%{?dist} Release: 13%{?dist}.1
License: LGPLv2+ License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
@ -26,6 +26,7 @@ Patch9: polkit-0.115-move-to-mozjs60.patch
Patch10: polkit-0.115-jsauthority-memleak.patch Patch10: polkit-0.115-jsauthority-memleak.patch
Patch11: polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch Patch11: polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
Patch12: polkit-0.115-CVE-2021-3560.patch Patch12: polkit-0.115-CVE-2021-3560.patch
Patch13: polkit-0.115-CVE-2021-4034.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -191,6 +192,10 @@ exit 0
%{_libdir}/girepository-1.0/*.typelib %{_libdir}/girepository-1.0/*.typelib
%changelog %changelog
* Fri Dec 03 2021 Jan Rybar <jrybar@redhat.com> - 0.115-13.el8_5.1
- pkexec: argv overflow results in local privilege esc.
- Resolves: CVE-2021-4034
* Tue May 25 2021 Jan Rybar <jrybar@redhat.com> - 0.115-12 * Tue May 25 2021 Jan Rybar <jrybar@redhat.com> - 0.115-12
- early disconnection from D-Bus results in privilege esc. - early disconnection from D-Bus results in privilege esc.
- Resolves: CVE-2021-3560 - Resolves: CVE-2021-3560