[gnome-desktop/wip/hadess/revert-filename-leak] Revert "thumbnails: keep the orignal file name"
- From: Bastien Nocera <hadess src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-desktop/wip/hadess/revert-filename-leak] Revert "thumbnails: keep the orignal file name"
- Date: Wed, 27 Oct 2021 15:14:45 +0000 (UTC)
commit 6bb71e26df3860c4cf9d26e101627b2b970927af
Author: Bastien Nocera <hadess hadess net>
Date: Wed Oct 27 17:10:45 2021 +0200
Revert "thumbnails: keep the orignal file name"
This reverts commit e7006be27b4a5048470a20079a6762ad4a0d2e18.
Passing the filename to an untrusted thumbnailer is a potential
information leak, or a possible method to get that thumbnailer
to crash.
The Flatpak sandboxing codepaths unfortunately cannot remap files, so
that's the reason why the original filename is passed.
libgnome-desktop/gnome-desktop-thumbnail-script.c | 27 ++++++++++++++++++-----
1 file changed, 21 insertions(+), 6 deletions(-)
---
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c
b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index ddcc1511..0cb4fa86 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -155,6 +155,21 @@ create_gst_cache_dir (void)
return out;
}
+static char *
+get_extension (const char *path)
+{
+ g_autofree char *basename = NULL;
+ char *p;
+
+ basename = g_path_get_basename (path);
+ p = strrchr (basename, '.');
+ if (g_file_test (path, G_FILE_TEST_IS_DIR) ||
+ !p ||
+ p == basename) /* Leading periods on the basename are ignored. */
+ return NULL;
+ return g_strdup (p + 1);
+}
+
#ifdef ENABLE_SECCOMP
static gboolean
flatpak_fail (GError **error,
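Review bot: get_extension() returns whatever follows the last '.' of the original basename without bounding or validating it, so bytes chosen by whoever named the file still reach the untrusted thumbnailer through the temporary file name. A name ending in a dot yields an empty string, giving `gnome-desktop-file-to-thumbnail.`, and a very long suffix could push the generated name past the filesystem's name limit. Consider returning NULL for empty, over-long or non-alphanumeric extensions, as sketched below; `MAX_EXTENSION_LEN` is a placeholder whose value the maintainers would need to choose. A short comment on the function stating that only the extension is exposed to the sandbox, and why, would also help.

```c
static char *
get_extension (const char *path)
{
  /* … unchanged: basename lookup, strrchr and directory/leading-dot checks … */
  const char *ext = p + 1;
  size_t len = strlen (ext);

  /* MAX_EXTENSION_LEN: placeholder cap, value to be chosen */
  if (len == 0 || len > MAX_EXTENSION_LEN)
    return NULL;
  for (size_t i = 0; i < len; i++)
    {
      if (!g_ascii_isalnum (ext[i]))
        return NULL;
    }
  return g_strdup (ext);
}
```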
@@ -951,8 +966,8 @@ script_exec_new (const char *uri,
if (exec->sandbox == SANDBOX_TYPE_BWRAP)
{
char *tmpl;
- const char *infile;
- g_autofree char *basename = NULL;
+ g_autofree char *ext = NULL;
+ g_autofree char *infile = NULL;
exec->fd_array = g_array_new (FALSE, TRUE, sizeof (int));
g_array_set_clear_func (exec->fd_array, clear_fd);
@@ -966,12 +981,12 @@ script_exec_new (const char *uri,
goto bail;
}
exec->outfile = g_build_filename (exec->outdir, "gnome-desktop-thumbnailer.png", NULL);
- basename = g_file_get_basename (file);
+ ext = get_extension (exec->infile);
- if (basename)
- infile = basename;
+ if (ext)
+ infile = g_strdup_printf ("gnome-desktop-file-to-thumbnail.%s", ext);
else
- infile = "gnome-desktop-file-to-thumbnail";
+ infile = g_strdup_printf ("gnome-desktop-file-to-thumbnail");
exec->infile_tmp = g_build_filename (exec->outdir, infile, NULL);
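Review bot: In the `else` branch, `g_strdup_printf ("gnome-desktop-file-to-thumbnail")` formats a string that has no conversions; `infile = g_strdup ("gnome-desktop-file-to-thumbnail");` says the same thing without going through the printf parser. A comment above `if (ext)` such as `/* Only the extension is kept: the original name must not reach the sandboxed thumbnailer */` would keep the neutral name from being "fixed" again later. get_extension() is called on `exec->infile`, which is assigned outside this hunk; if it can be NULL here the helper would hand NULL to strrchr(), so that is worth confirming. script_exec_new() starts and ends outside the hunk.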