Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
windows:mingw:win32
mingw32-kdelibs4
0001-Remove-support-for-passing-gui-QVariants-t...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Remove-support-for-passing-gui-QVariants-to-KAuth-he.patch of Package mingw32-kdelibs4
From 2eec34cb7a2b1688eb8a82a7f249ed9fe5254af3 Mon Sep 17 00:00:00 2001 From: Ralf Habacker <ralf.habacker@freenet.de> Date: Wed, 20 Mar 2019 11:09:29 +0100 Subject: [PATCH] Remove support for passing gui QVariants to KAuth helpers Supporting gui variants is very dangerous since they can end up triggering image loading plugins which are one of the biggest vectors for crashes, which for very smart people mean possible code execution, which is very dangerous in code that is executed as root. We've checked all the KAuth helpers inside KDE git and none seems to be using gui variants, so we're not actually limiting anything that people wanted to do. Reviewed by security@kde.org and Aleix Pol Issue reported by Fabian Vogt CVE: CVE-2019-7443 --- kdecore/auth/backends/dbus/DBusHelperProxy.cpp | 9 +++++++++ kdecore/auth/kauthaction.h | 2 ++ 2 files changed, 11 insertions(+) diff --git a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp index ca59f1c..2f388ed 100644 --- a/kdecore/auth/backends/dbus/DBusHelperProxy.cpp +++ b/kdecore/auth/backends/dbus/DBusHelperProxy.cpp @@ -37,6 +37,8 @@ Q_DECLARE_METATYPE(QTimer*) +extern Q_CORE_EXPORT const void* qMetaTypeGuiHelper; + namespace KAuth { @@ -304,10 +306,17 @@ QByteArray DBusHelperProxy::performAction(const QString &action, const QByteArra return ActionReply::HelperBusyReply.serialized(); } + // Make sure we don't try restoring gui variants, in particular QImage/QPixmap/QIcon are super dangerous + // since they end up calling the image loaders and thus are a vector for crashing → executing code + const void* origMetaTypeGuiHelper = qMetaTypeGuiHelper; + qMetaTypeGuiHelper = NULL; + QVariantMap args; QDataStream s(&arguments, QIODevice::ReadOnly); s >> args; + qMetaTypeGuiHelper = origMetaTypeGuiHelper; + m_currentAction = action; emit remoteSignal(ActionStarted, action, QByteArray()); QEventLoop e; diff --git a/kdecore/auth/kauthaction.h b/kdecore/auth/kauthaction.h index 123883b..ce5011a 100644 --- a/kdecore/auth/kauthaction.h +++ b/kdecore/auth/kauthaction.h @@ -270,6 +270,8 @@ public: * This method sets the variant map that the application * can use to pass arbitrary data to the helper when executing the action. * + * Only non-gui variants are supported. + * * @param arguments The new arguments map */ void setArguments(const QVariantMap &arguments); -- 1.8.4.5
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor