From f2ebccf670543535f3e9c8f6e752e2ff4a348a41 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 3 May 2023 07:35:27 -0400 Subject: Validate exported commands a bit Avoid obvious nonsense. --- common/flatpak-dir.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 98af4647..94359dc6 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -8580,6 +8580,28 @@ flatpak_dir_update_deploy_ref (FlatpakDir *self, return TRUE; } +static gboolean +suitable_in_filename (const char *str, + GError **error) +{ + char *p; + + if (strlen (str) > 80) + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Too long"); + return FALSE; + } + + p = strpbrk (str, " \t\n/:"); + if (p) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Contains a bad byte: %c", *p); + return FALSE; + } + + return TRUE; +} + gboolean flatpak_dir_deploy (FlatpakDir *self, const char *origin, @@ -8969,10 +8991,17 @@ flatpak_dir_deploy (FlatpakDir *self, g_autofree char *escaped_cmd = NULL; GError *local_error = NULL; + if (!suitable_in_filename (commands[i], &local_error)) + { + g_warning ("Not exporting command '%s': %s", commands[i], local_error->message); + g_error_free (local_error); + continue; + } + g_set_object (&wrapper, NULL); g_clear_pointer (&bin_data, g_free); - filename = g_strconcat (ref_id, "-", commands[i], NULL); + filename = g_strconcat (ref_id, "+", commands[i], NULL); wrapper = g_file_get_child (bindir, filename); escaped_cmd = maybe_quote (commands[i]); -- cgit v1.2.1