[gnome-session/benzea/check-env-more-strictly: 2/2] util: Log variables excluded from environment upload

From: Benjamin Berg <bberg src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-session/benzea/check-env-more-strictly: 2/2] util: Log variables excluded from environment upload
Date: Mon, 19 Oct 2020 14:35:24 +0000 (UTC)


commit d0fe263da26c437b433ac2bada99a802089575a2
Author: Benjamin Berg <bberg redhat com>
Date:   Mon Oct 19 16:34:33 2020 +0200

    util: Log variables excluded from environment upload
    
    See: #71

 gnome-session/gsm-util.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)
---
diff --git a/gnome-session/gsm-util.c b/gnome-session/gsm-util.c
index 9d05fd7b5..bcad0eb99 100644
--- a/gnome-session/gsm-util.c
+++ b/gnome-session/gsm-util.c
@@ -568,17 +568,14 @@ gsm_util_export_activation_environment (GError     **error)
                 if (g_strv_contains (variable_blacklist, entry_name))
                     continue;
 
-                if (!g_utf8_validate (entry_name, -1, NULL))
-                    continue;
-
-                if (!g_regex_match (name_regex, entry_name, 0, NULL))
-                    continue;
-
-                if (!g_utf8_validate (entry_value, -1, NULL))
-                    continue;
+                if (!g_utf8_validate (entry_name, -1, NULL) ||
+                    !g_regex_match (name_regex, entry_name, 0, NULL) ||
+                    !g_utf8_validate (entry_value, -1, NULL) ||
+                    !g_regex_match (value_regex, entry_value, 0, NULL)) {
 
-                if (!g_regex_match (value_regex, entry_value, 0, NULL))
+                    g_message ("Environment variable is unsafe to export to dbus: %s", entry_name);
                     continue;
+                }
 
                 child_environment = g_environ_setenv (child_environment,
                                                       entry_name, entry_value,
@@ -655,11 +652,12 @@ gsm_util_export_user_environment (GError     **error)
         for (i = 0; entries[i] != NULL; i++) {
                 const char *entry = entries[i];
 
-                if (!g_utf8_validate (entry, -1, NULL))
-                    continue;
+                if (!g_utf8_validate (entry, -1, NULL) ||
+                    !g_regex_match (regex, entry, 0, NULL)) {
 
-                if (!g_regex_match (regex, entry, 0, NULL))
+                    g_message ("Environment entry is unsafe to upload into user environment: %s", entry);
                     continue;
+                }
 
                 g_variant_builder_add (&builder, "s", entry);
         }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]