1 files changed, 33 insertions, 0 deletions

diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
index cfa77fc..e23f9f5 100644
--- a/src/polkitagent/polkitagenthelperprivate.c
+++ b/src/polkitagent/polkitagenthelperprivate.c
@@ -23,6 +23,7 @@
 #include "config.h"
 #include "polkitagenthelperprivate.h"
 #include <stdio.h>
+#include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
 
@@ -45,6 +46,38 @@ _polkit_clearenv (void)
 #endif
 
 
+char *
+read_cookie (int argc, char **argv)
+{
+  /* As part of CVE-2015-4625, we started passing the cookie
+   * on standard input, to ensure it's not visible to other
+   * processes.  However, to ensure that things continue
+   * to work if the setuid binary is upgraded while old
+   * agents are still running (this will be common with
+   * package managers), we support both modes.
+   */
+  if (argc == 3)
+    return strdup (argv[2]);
+  else
+    {
+      char *ret = NULL;
+      size_t n = 0;
+      ssize_t r = getline (&ret, &n, stdin);
+      if (r == -1)
+        {
+          if (!feof (stdin))
+            perror ("getline");
+          free (ret);
+          return NULL;
+        }
+      else
+        {
+          g_strchomp (ret);
+          return ret;
+        }
+    }
+}
+
 gboolean
 send_dbus_message (const char *cookie, const char *user)
 {