| commit | 71e575ca269adfca425475862f17c942fba4ab75 | |
| author | Jan Synacek <jsynacek@redhat.com> | |
| Fri, 31 Jan 2020 14:17:25 +0000 (31 15:17 +0100) | ||
| committer | Lukas Nykryn <lnykryn@redhat.com> | |
| Mon, 3 Feb 2020 11:41:24 +0000 (3 12:41 +0100) | ||
| tree | b6ec0e6c359313376c17c187fa03d1f5b489ce88 | treesnapshot (tar.gz zip) |
| parent | b2578b354fa7f4bf6e597f173694f0e41acc0f20 | commitdiff |
polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it
Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.
Resolves: CVE-2020-1712
Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.
Resolves: CVE-2020-1712
| src/shared/bus-util.c | diffblobblamehistory |