rewrite selinux error handling to not abort due to a NULL read

2008-01-15  John (J5) Palmieri  <johnp@redhat.com>

	* bus/bus.c (bus_context_check_security_policy): rewrite selinux error
	handling to not abort due to a NULL read and to set the error only if
	it is not already set (Based off of FDO Bug #12430)

diff --git a/ChangeLog b/ChangeLog
index 88d0a57..b254f8e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,15 @@
 2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
 
+       * bus/bus.c (bus_context_check_security_policy): rewrite selinux error
+       handling to not abort due to a NULL read and to set the error only if
+       it is not already set (Based off of FDO Bug #12430)
+
+2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
+
        * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
 
        * dbus/dbus-internals.c (_dbus_read_uuid_file_without_creating,
-       _dbus_create_uuid_file_exclusively): add OOM handling
+       _dbus_create_uuid_file_exclusively): add OOM handling (FDO Bug #12952)
 
 2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
 

diff --git a/bus/bus.c b/bus/bus.c
index 99e4856..864e48b 100644 (file)
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1180,27 +1180,23 @@ bus_context_check_security_policy (BusContext     *context,
                                    dbus_message_get_error_name (message),
                                    dest ? dest : DBUS_SERVICE_DBUS, error))
         {
+          if (error != NULL && !dbus_error_is_set (error))
+            {
+              dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+                              "An SELinux policy prevents this sender "
+                              "from sending this message to this recipient "
+                              "(rejected message had interface \"%s\" "
+                              "member \"%s\" error name \"%s\" destination \"%s\")",
+                              dbus_message_get_interface (message) ?
+                              dbus_message_get_interface (message) : "(unset)",
+                              dbus_message_get_member (message) ?
+                              dbus_message_get_member (message) : "(unset)",
+                              dbus_message_get_error_name (message) ?
+                              dbus_message_get_error_name (message) : "(unset)",
+                              dest ? dest : DBUS_SERVICE_DBUS);
+              _dbus_verbose ("SELinux security check denying send to service\n");
+            }
 
-         if (dbus_error_is_set (error) &&
-             dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
-           {
-             return FALSE;
-           }
-         
-
-          dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
-                          "An SELinux policy prevents this sender "
-                          "from sending this message to this recipient "
-                          "(rejected message had interface \"%s\" "
-                          "member \"%s\" error name \"%s\" destination \"%s\")",
-                          dbus_message_get_interface (message) ?
-                          dbus_message_get_interface (message) : "(unset)",
-                          dbus_message_get_member (message) ?
-                          dbus_message_get_member (message) : "(unset)",
-                          dbus_message_get_error_name (message) ?
-                          dbus_message_get_error_name (message) : "(unset)",
-                          dest ? dest : DBUS_SERVICE_DBUS);
-          _dbus_verbose ("SELinux security check denying send to service\n");
           return FALSE;
         }