diff options
author | Marco Trevisan (Treviño) <mail@3v1n0.net> | 2020-10-27 15:14:27 +0100 |
---|---|---|
committer | Marco Trevisan (Treviño) <mail@3v1n0.net> | 2020-11-03 19:12:55 +0100 |
commit | dc8235128c3a1fcd5da8f30ab6839d413d353f28 (patch) | |
tree | 7fd170e94798f547ae1e05f6c362797db8281eb8 | |
parent | 3aa50347b3ca39a7e73571611714bfd10aa6d9d3 (diff) | |
download | gdm-dc8235128c3a1fcd5da8f30ab6839d413d353f28.tar.gz |
display: Exit with failure if loading existing users fails
Given not having users may make GDM to launch initial setup, that
allows to create new users (potentially with sudo capabilities), it's
better to make look_for_existing_users() to return its status and only
if it didn't fail continue the gdm execution.
GHSL-2020-202
CVE-2020-16125
Fixes #642
-rw-r--r-- | daemon/gdm-display.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c index d1d24956..687e7da4 100644 --- a/daemon/gdm-display.c +++ b/daemon/gdm-display.c @@ -510,7 +510,7 @@ gdm_display_real_prepare (GdmDisplay *self) return TRUE; } -static void +static gboolean look_for_existing_users_sync (GdmDisplay *self) { GdmDisplayPrivate *priv; @@ -528,7 +528,7 @@ look_for_existing_users_sync (GdmDisplay *self) &error); if (!priv->accountsservice_proxy) { - g_warning ("Failed to contact accountsservice: %s", error->message); + g_critical ("Failed to contact accountsservice: %s", error->message); goto out; } @@ -541,7 +541,7 @@ look_for_existing_users_sync (GdmDisplay *self) &error); if (!call_result) { - g_warning ("Failed to list cached users: %s", error->message); + g_critical ("Failed to list cached users: %s", error->message); goto out; } @@ -551,6 +551,7 @@ look_for_existing_users_sync (GdmDisplay *self) g_variant_unref (call_result); out: g_clear_error (&error); + return priv->accountsservice_proxy != NULL && call_result != NULL; } gboolean @@ -568,7 +569,9 @@ gdm_display_prepare (GdmDisplay *self) /* FIXME: we should probably do this in a more global place, * asynchronously */ - look_for_existing_users_sync (self); + if (!look_for_existing_users_sync (self)) { + exit (EXIT_FAILURE); + } priv->doing_initial_setup = wants_initial_setup (self); |