author | Bastien Nocera <hadess@hadess.net> | 2021-10-27 17:10:45 +0200 |
---|---|---|
committer | Michael Catanzaro <mcatanzaro@gnome.org> | 2022-03-16 18:52:29 +0000 |
commit | d05aa99068795c1ab1f7c02158355473d97b73c2 (patch) | |
tree | 4a2ff83f8c2871e8a4d13acaea5a1f67cce268a7 | |
parent | 1bf4f9863f14edd8c29acc7f4bc3d6b4f36c4d85 (diff) | |
download | gnome-desktop-d05aa99068795c1ab1f7c02158355473d97b73c2.tar.gz |
Revert "thumbnails: keep the orignal file name"
This reverts commit e7006be27b4a5048470a20079a6762ad4a0d2e18.
Passing the filename to an untrusted thumbnailer is a potential
information leak, or a possible method to get that thumbnailer
to crash.
The Flatpak sandboxing codepaths unfortunately cannot remap files, so
that's the reason why the original filename is passed.
-rw-r--r-- | libgnome-desktop/gnome-desktop-thumbnail-script.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index b6c31e93..34669571 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -155,6 +155,21 @@ create_gst_cache_dir (void)
 return out;
 }
+static char *
+get_extension (const char *path)
+{
+ g_autofree char *basename = NULL;
+ char *p;
+
+ basename = g_path_get_basename (path);
+ p = strrchr (basename, '.');
+ if (g_file_test (path, G_FILE_TEST_IS_DIR) ||
+ !p ||
+ p == basename) /* Leading periods on the basename are ignored. */
+ return NULL;
+ return g_strdup (p + 1);
+}
+
 #ifdef ENABLE_SECCOMP
 static gboolean
 flatpak_fail (GError **error,
@@ -951,8 +966,8 @@ script_exec_new (const char *uri,
 if (exec->sandbox == SANDBOX_TYPE_BWRAP)
 {
 char *tmpl;
- const char *infile;
- g_autofree char *basename = NULL;
+ g_autofree char *ext = NULL;
+ g_autofree char *infile = NULL;
 exec->fd_array = g_array_new (FALSE, TRUE, sizeof (int));
 g_array_set_clear_func (exec->fd_array, clear_fd);
@@ -966,12 +981,12 @@ script_exec_new (const char *uri,
 goto bail;
 }
 exec->outfile = g_build_filename (exec->outdir, "gnome-desktop-thumbnailer.png", NULL);
- basename = g_file_get_basename (file);
+ ext = get_extension (exec->infile);
- if (basename)
- infile = basename;
+ if (ext)
+ infile = g_strdup_printf ("gnome-desktop-file-to-thumbnail.%s", ext);
 else
- infile = "gnome-desktop-file-to-thumbnail";
+ infile = g_strdup_printf ("gnome-desktop-file-to-thumbnail");
 exec->infile_tmp = g_build_filename (exec->outdir, infile, NULL); |
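Review bot: The extension returned by `get_extension` is still copied verbatim from the user's file name, with no limit on length or characters, and it reaches the sandboxed thumbnailer through the `gnome-desktop-file-to-thumbnail.%s` name built in the last hunk. Whatever text follows the last period is therefore still exposed, which is the leak the commit message sets out to close. The basename cannot contain a directory separator, so this concerns content and length rather than path escape. I would return NULL unless the extension is short and plain ASCII alphanumeric, which also covers the empty extension of a name ending in a period. The accepted character set and the length cap are policy choices for the maintainers.

```c
static char *
get_extension (const char *path)
{
  /* … unchanged: basename lookup, directory and leading-period checks … */
  const char *ext = p + 1;
  gsize i;

  /* Forward only short, plain extensions to the thumbnailer; anything
   * else falls back to the extension-less name. MAX_EXT_LEN is a new
   * constant whose value the maintainers would choose. */
  if (ext[0] == '\0' || strlen (ext) > MAX_EXT_LEN)
    return NULL;
  for (i = 0; ext[i] != '\0'; i++)
    if (!g_ascii_isalnum (ext[i]))
      return NULL;
  return g_strdup (ext);
}
```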
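Review bot: Nothing at the `if (ext)` branch records why the in-sandbox name is fixed, and this code was already changed once to pass the original basename (the commit being reverted here). I would add a comment above the branch such as `/* Never expose the original file name to the sandboxed thumbnailer; only the extension is forwarded. */`. As a smaller style point, the `else` branch formats a constant string, so `infile = g_strdup ("gnome-desktop-file-to-thumbnail");` states the same thing more directly. `script_exec_new` starts and ends outside this hunk.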