projects
/
systembsd.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
c8a3e18
)
prevent directory traversal in setTimezone
author
kremlin
<ian@kremlin.cc>
Tue, 14 Oct 2014 15:11:13 +0000
(10:11 -0500)
committer
kremlin
<ian@kremlin.cc>
Tue, 14 Oct 2014 15:11:13 +0000
(10:11 -0500)
src/interfaces/timedated/timedated.c
patch
|
blob
|
blame
|
history
diff --git
a/src/interfaces/timedated/timedated.c
b/src/interfaces/timedated/timedated.c
index d4b0dceea6eb553a2c1923a579daf0c50258fe09..8fb1ce5bd206396d62373225eecd77e4f45935c6 100644
(file)
--- a/
src/interfaces/timedated/timedated.c
+++ b/
src/interfaces/timedated/timedated.c
@@
-219,7
+219,11
@@
on_handle_set_timezone(Timedate1 *td1_passed_interf,
strlcat(tz_target_path, "/", TZNAME_MAX);
strlcat(tz_target_path, proposed_tz, TZNAME_MAX);
strlcat(tz_target_path, "/", TZNAME_MAX);
strlcat(tz_target_path, proposed_tz, TZNAME_MAX);
- g_printf("%s\n", tz_target_path);
+ if(strstr(tz_target_path, "../")) {
+
+ g_dbus_method_invocation_return_dbus_error(invoc, "org.freedesktop.timedate1.Error.EBADF", "Provided timezone is invalid.");
+ return FALSE;
+ }
if(!statbuf)
return FALSE;
if(!statbuf)
return FALSE;
@@
-266,7
+270,9
@@
on_handle_set_local_rtc(Timedate1 *td1_passed_interf,
GDBusMethodInvocation *invoc,
const gchar *greet,
gpointer data) {
GDBusMethodInvocation *invoc,
const gchar *greet,
gpointer data) {
- return FALSE;
+
+ g_dbus_method_invocation_return_dbus_error(invoc, "org.freedesktop.timedate1.Error.ENODEV", "OpenBSD does not support setting the realtime clock in local time, only UTC.");
+ return TRUE;
}
static gboolean
}
static gboolean
@@
-324,6
+330,7
@@
our_get_timezone() {
return ret;
}
return ret;
}
+/* openbsd does not support setting the RTC to localtime, only UTC */
gboolean
our_get_local_rtc() {
gboolean
our_get_local_rtc() {