diff options
author | Austin Sullivan <asully@chromium.org> | 2022-05-12 04:52:20 +0000 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2022-07-25 14:22:52 +0000 |
commit | b9f4853e8fe92ac7681bde21d016f6c63926a3ba (patch) | |
tree | 49f25cb05f65e218811c4a75d7dc7349fb5c899b | |
parent | aab054ee7160f3eca2e0c33fe7d617660e945fba (diff) | |
download | qtwebengine-chromium-b9f4853e8fe92ac7681bde21d016f6c63926a3ba.tar.gz |
[Backport] CVE-2022-2162: Insufficient policy enforcement in File System API
Cherry pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3638698:
FSA: Sanitize .url files
Bug: 1307930
Change-Id: I7ed3cca5942a5334ba761d269bdd8961fa9d13fe
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Auto-Submit: Austin Sullivan <asully@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1002495}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/content/browser/file_system_access/file_system_chooser.cc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/chromium/content/browser/file_system_access/file_system_chooser.cc b/chromium/content/browser/file_system_access/file_system_chooser.cc index 0dfe627b4ad..562dd174d4d 100644 --- a/chromium/content/browser/file_system_access/file_system_chooser.cc +++ b/chromium/content/browser/file_system_access/file_system_chooser.cc @@ -276,13 +276,15 @@ bool FileSystemChooser::IsShellIntegratedExtension( base::FilePath::StringType extension_lower = base::ToLowerASCII(GetLastExtension(extension)); - // .lnk and .scf files may be used to execute arbitrary code (see + // '.lnk' and '.scf' files may be used to execute arbitrary code (see // https://nvd.nist.gov/vuln/detail/CVE-2010-2568 and - // https://crbug.com/1227995, respectively). .local files are used by Windows - // to determine which DLLs to load for an application. + // https://crbug.com/1227995, respectively). '.local' files are used by + // Windows to determine which DLLs to load for an application. '.url' files + // can be used to read arbirtary files (see https://crbug.com/1307930). if ((extension_lower == FILE_PATH_LITERAL("lnk")) || (extension_lower == FILE_PATH_LITERAL("local")) || - (extension_lower == FILE_PATH_LITERAL("scf"))) { + (extension_lower == FILE_PATH_LITERAL("scf")) || + (extension_lower == FILE_PATH_LITERAL("url"))) { return true; } |