diff options
| author | Simon McVittie <smcv@collabora.com> | 2021-03-05 13:51:33 +0000 |
|---|---|---|
| committer | Alexander Larsson <alexander.larsson@gmail.com> | 2021-03-10 11:13:38 +0100 |
| commit | a7401e638bf0c03102039e216ab1081922f140ae (patch) | |
| tree | b76c4f25338aaf93178ce13b27bb9aed1a6ff623 | |
| parent | eb7946bb6248923d8c90fe9b84425fef97ae580d (diff) | |
| download | flatpak-a7401e638bf0c03102039e216ab1081922f140ae.tar.gz | |
dir: Refuse to export .desktop files with suspicious uses of @@ tokens
This is either a malicious/compromised app trying to do an attack, or
a mistake that will break handling of %f, %u and so on. Either way,
if we refuse to export the .desktop file, resulting in installation
failing, then it makes the rejection more obvious than quietly
removing the magic tokens.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 46b3ede5241561c7d588951048c687c5075a3eac)
| -rw-r--r-- | common/flatpak-dir.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 19d2fb78..94a86f4a 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -7140,7 +7140,11 @@ export_desktop_file (const char *app, else if (strcasecmp (arg, "%u") == 0) g_string_append_printf (new_exec, " @@u %s @@", arg); else if (g_str_has_prefix (arg, "@@")) - g_print (_("Skipping invalid Exec argument %s\n"), arg); + { + flatpak_fail_error (error, FLATPAK_ERROR_EXPORT_FAILED, + _("Invalid Exec argument %s"), arg); + goto out; + } else g_string_append_printf (new_exec, " %s", arg); } |