fix: Improve error handling in DMDbusHandler and DiskManagerService

- Added checks for the existence of current device paths in DMDbusHandler methods to prevent crashes and log warnings when paths are not found.
- Updated DiskManagerService to handle invalid invoker UID retrieval gracefully, ensuring proper authorization checks and logging warnings for failed operations.
- Refactored Btrfs size parsing to handle out-of-bounds access more safely.

These changes enhance the robustness and reliability of device management operations.

task: https://pms.uniontech.com/task-view-386519.html

Author: dengzhongyuan365-dev

application/partedproxy/dmdbushandler.cpp

@@ -290,7 +290,12 @@ DeviceInfoMap &DMDbusHandler::probDeviceInfo()
 PartitionVec DMDbusHandler::getCurDevicePartitionArr()
 {
     qDebug() << "DMDbusHandler::getCurDevicePartitionArr called.";
-    return m_deviceMap.find(m_curDevicePath).value().m_partition;
+    auto it = m_deviceMap.find(m_curDevicePath);
+    if (it != m_deviceMap.end()) {
+        return it.value().m_partition;
+    }
+    qWarning() << "Current device path not found in map:" << m_curDevicePath;
+    return PartitionVec();
 }
 
 const PartitionInfo &DMDbusHandler::getCurPartititonInfo()
@@ -302,13 +307,25 @@ const PartitionInfo &DMDbusHandler::getCurPartititonInfo()
 const DeviceInfo &DMDbusHandler::getCurDeviceInfo()
 {
     qDebug() << "DMDbusHandler::getCurDeviceInfo called.";
-    return m_deviceMap.find(m_curDevicePath).value();
+    auto it = m_deviceMap.find(m_curDevicePath);
+    if (it != m_deviceMap.end()) {
+        return it.value();
+    }
+    qWarning() << "Current device path not found in map:" << m_curDevicePath;
+    static const DeviceInfo empty;
+    return empty;
 }
 
 const Sector &DMDbusHandler::getCurDeviceInfoLength()
 {
     qDebug() << "DMDbusHandler::getCurDeviceInfoLength called.";
-    return m_deviceMap.find(m_curDevicePath).value().m_length;
+    auto it = m_deviceMap.find(m_curDevicePath);
+    if (it != m_deviceMap.end()) {
+        return it.value().m_length;
+    }
+    qWarning() << "Current device path not found in map:" << m_curDevicePath;
+    static const Sector zero = 0;
+    return zero;
 }
 
 void DMDbusHandler::mount(const QString &mountPath)

service/diskmanagerservice.cpp

@@ -152,7 +152,12 @@ bool DiskManagerService::mount(const QString &mountpath)
         return false;
     }
 
-    QString invokerUid = QString::number(connection().interface()->serviceUid(message().service()).value());
+    QDBusReply<uint> uidReply = connection().interface()->serviceUid(message().service());
+    if (!uidReply.isValid()) {
+        qWarning() << "Failed to get invoker UID for mount, refusing operation";
+        return false;
+    }
+    QString invokerUid = QString::number(uidReply.value());
     return m_partedcore->mountAndWriteFstab(mountpath, invokerUid);
 }
 
@@ -502,16 +507,25 @@ bool DiskManagerService::checkAuthorization(void)
     QString actionId("com.deepin.pkexec.deepin-diskmanager");
     QString serviceName = message().service();
 
-    if (serviceName == m_frontEndDBusName ||
-        connection().interface()->serviceUid(serviceName).value() == 0 ||
-        PolicyKitHelper::instance()->checkAuthorization(actionId, serviceName)) {
-        qDebug() << "Authorization granted for service:" << serviceName;
+    if (serviceName == m_frontEndDBusName) {
+        qDebug() << "Authorization granted for frontend:" << serviceName;
+        return true;
+    }
+
+    QDBusReply<uint> uidReply = connection().interface()->serviceUid(serviceName);
+    if (uidReply.isValid() && uidReply.value() == 0) {
+        qDebug() << "Authorization granted for root user";
         return true;
-    } else {
-        qWarning() << "Authorization denied for service:" << serviceName;
-        sendErrorReply(QDBusError::AccessDenied);
-        return false;
     }
+
+    if (PolicyKitHelper::instance()->checkAuthorization(actionId, serviceName)) {
+        qDebug() << "Authorization granted via Polkit for service:" << serviceName;
+        return true;
+    }
+
+    qWarning() << "Authorization denied for service:" << serviceName;
+    sendErrorReply(QDBusError::AccessDenied);
+    return false;
 #endif
 }
 

service/diskoperation/filesystems/btrfs.cpp

@@ -386,12 +386,7 @@ double Btrfs::btrfsSize2Double(QString &str)
         double num = numStr.toDouble();
         int index = str.indexOf(numStr);
         int pos = index + numStr.length();
-        if (pos < str.length()) {
-            qDebug() << "pos < str.length()";
-            char unit = str.at(pos).toLatin1();
-
-        }
-        char unit = str.at(pos).toLatin1();
+        char unit = (pos < str.length()) ? str.at(pos).toLatin1() : '\0';
         Byte_Value mult;
         switch (unit) {
             case 'K':	mult = KIBIBYTE ;	break ;

service/diskoperation/luksoperator/luksoperator.cpp

@@ -6,6 +6,7 @@
 #include "luksoperator.h"
 #include "../fsinfo.h"
 #include <QFile>
+#include <QSaveFile>
 #include <QDir>
 #include <QDateTime>
 #include <QJsonDocument>
@@ -668,6 +669,7 @@ bool LUKSOperator::wirteCrypttab(LUKS_INFO &luksInfo, bool isMount)
         qDebug() << "open /etc/crypttab failed, return false";
         return false;
     }
+    QFileDevice::Permissions origPerm = file.permissions();
 
     // read crypttab
     bool findflag = false; //目前默认只改第一个发现的uuid findflag 标志位：是否已经查找到uuid
@@ -698,18 +700,23 @@ bool LUKSOperator::wirteCrypttab(LUKS_INFO &luksInfo, bool isMount)
     }
     file.close();
 
-    //write crypttab
-    if (!file.open(QIODevice::ReadWrite | QIODevice::Truncate)) {
+    // 原子写入：先写临时文件，再 rename 到 /etc/crypttab，避免 TOCTOU 竞态
+    QSaveFile saveFile(QStringLiteral("/etc/crypttab"));
+    if (!saveFile.open(QIODevice::WriteOnly)) {
         qDebug() << "open /etc/crypttab for write failed, return false";
         return false;
     }
-
-    QTextStream out(&file);
+    QTextStream out(&saveFile);
     for (int i = 0; i < list.count(); i++) {
         out << list.at(i);
     }
     out.flush();
-    file.close();
+    if (!saveFile.commit()) {
+        qDebug() << "commit /etc/crypttab failed, return false";
+        return false;
+    }
+    // 恢复原文件权限，避免 QSaveFile 使用临时文件导致权限被 umask 改变
+    QFile::setPermissions(QStringLiteral("/etc/crypttab"), origPerm);
     qDebug() << "Successfully created key file:" << filePath;
     qDebug() << "LUKSOperator::wirteCrypttab END";
     return true;