From: John (J5) Palmieri <johnp@redhat.com>
Date: Tue, 15 Jan 2008 19:20:43 +0000 (-0500)
Subject: rewrite selinux error handling to not abort due to a NULL read
X-Git-Tag: dbus-1.1.3~16
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9db435926fb82409caa2b5a7139781a95f105a63;p=platform%2Fupstream%2Fdbus.git

rewrite selinux error handling to not abort due to a NULL read

2008-01-15  John (J5) Palmieri  <johnp@redhat.com>

	* bus/bus.c (bus_context_check_security_policy): rewrite selinux error
	handling to not abort due to a NULL read and to set the error only if
	it is not already set (Based off of FDO Bug #12430)
---

diff --git a/ChangeLog b/ChangeLog
index 88d0a57..b254f8e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,15 @@
 2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
 
+	* bus/bus.c (bus_context_check_security_policy): rewrite selinux error
+	handling to not abort due to a NULL read and to set the error only if
+	it is not already set (Based off of FDO Bug #12430)
+
+2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
+
 	* patch by Kimmo HÃ¤mÃ¤lÃ¤inen <kimmo dot hamalainen at nokia dot com>
 
 	* dbus/dbus-internals.c (_dbus_read_uuid_file_without_creating,
-	_dbus_create_uuid_file_exclusively): add OOM handling
+	_dbus_create_uuid_file_exclusively): add OOM handling (FDO Bug #12952)
 
 2008-01-15  John (J5) Palmieri  <johnp@redhat.com>
 
diff --git a/bus/bus.c b/bus/bus.c
index 99e4856..864e48b 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1180,27 +1180,23 @@ bus_context_check_security_policy (BusContext     *context,
 				    dbus_message_get_error_name (message),
 				    dest ? dest : DBUS_SERVICE_DBUS, error))
         {
+          if (error != NULL && !dbus_error_is_set (error))
+            {
+              dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
+                              "An SELinux policy prevents this sender "
+                              "from sending this message to this recipient "
+                              "(rejected message had interface \"%s\" "
+                              "member \"%s\" error name \"%s\" destination \"%s\")",
+                              dbus_message_get_interface (message) ?
+                              dbus_message_get_interface (message) : "(unset)",
+                              dbus_message_get_member (message) ?
+                              dbus_message_get_member (message) : "(unset)",
+                              dbus_message_get_error_name (message) ?
+                              dbus_message_get_error_name (message) : "(unset)",
+                              dest ? dest : DBUS_SERVICE_DBUS);
+              _dbus_verbose ("SELinux security check denying send to service\n");
+            }
 
-	  if (dbus_error_is_set (error) &&
-	      dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
-	    {
-	      return FALSE;
-	    }
-	  
-
-          dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
-                          "An SELinux policy prevents this sender "
-                          "from sending this message to this recipient "
-                          "(rejected message had interface \"%s\" "
-                          "member \"%s\" error name \"%s\" destination \"%s\")",
-                          dbus_message_get_interface (message) ?
-                          dbus_message_get_interface (message) : "(unset)",
-                          dbus_message_get_member (message) ?
-                          dbus_message_get_member (message) : "(unset)",
-                          dbus_message_get_error_name (message) ?
-                          dbus_message_get_error_name (message) : "(unset)",
-                          dest ? dest : DBUS_SERVICE_DBUS);
-          _dbus_verbose ("SELinux security check denying send to service\n");
           return FALSE;
         }
        
