Created attachment 116267 [details] [review] 0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS.
See
See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000422.html
Comment on attachment 116267 [details] [review] 0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch Review of attachment 116267 [details] [review]: ----------------------------------------------------------------- Might want to mention in the commit message that RegisterAuthenticationAgentWithOptions and UnregisterAuthentication have also been checked and don’t need changes. Other than that, looks good to me! ::: src/polkitbackend/polkitbackendinteractiveauthority.c @@ +1551,5 @@ > const gchar *unique_system_bus_name, > const gchar *locale, > const gchar *object_path, > + GVariant *registration_options, > + GError **error) Technically the rest of the parameters should be re-indented because of the ‘**’ for the GError, but I really don’t care that much.
ACK.
http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.