82 lines
2.6 KiB
Diff
82 lines
2.6 KiB
Diff
From aafe1d36e0225f54db8ca2ba03d8b1981c2d09e0 Mon Sep 17 00:00:00 2001
|
|
From: Simon McVittie <smcv@collabora.com>
|
|
Date: Wed, 26 Aug 2020 19:05:21 +0100
|
|
Subject: [PATCH] context: Do some syntactic normalization on filesystems
|
|
|
|
Paths containing ".." are rejected: they're almost certainly a
|
|
terrible idea.
|
|
|
|
Paths containing "." or multiple slashes are syntactically normalized.
|
|
|
|
This assumes that nobody is going to use "--filesystem=/foo/bar/" to
|
|
mean "make /foo/bar available, unless it's a non-directory, in which
|
|
case fail".
|
|
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
Conflict:NA
|
|
Reference:https://github.com/flatpak/flatpak/commit/aafe1d36e0225f54db8ca2ba03d8b1981c2d09e0
|
|
|
|
---
|
|
common/flatpak-context.c | 44 ++++++++++++++++++++++++++++++++++++++++
|
|
1 file changed, 44 insertions(+)
|
|
|
|
diff --git a/common/flatpak-context.c b/common/flatpak-context.c
|
|
index 3b2bcfe..84b292e 100644
|
|
--- a/common/flatpak-context.c
|
|
+++ b/common/flatpak-context.c
|
|
@@ -759,6 +759,50 @@ flatpak_context_parse_filesystem (const char *filesystem_and_mode,
|
|
GError **error)
|
|
{
|
|
g_autofree char *filesystem = parse_filesystem_flags (filesystem_and_mode, mode_out);
|
|
+ char *slash;
|
|
+
|
|
+ slash = strchr (filesystem, '/');
|
|
+
|
|
+ /* Forbid /../ in paths */
|
|
+ if (slash != NULL)
|
|
+ {
|
|
+ if (g_str_has_prefix (slash + 1, "../") ||
|
|
+ g_str_has_suffix (slash + 1, "/..") ||
|
|
+ strstr (slash + 1, "/../") != NULL)
|
|
+ {
|
|
+ g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_BAD_VALUE,
|
|
+ _("Filesystem location \"%s\" contains \"..\""),
|
|
+ filesystem);
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
+ /* Convert "//" and "/./" to "/" */
|
|
+ for (; slash != NULL; slash = strchr (slash + 1, '/'))
|
|
+ {
|
|
+ while (TRUE)
|
|
+ {
|
|
+ if (slash[1] == '/')
|
|
+ memmove (slash + 1, slash + 2, strlen (slash + 2) + 1);
|
|
+ else if (slash[1] == '.' && slash[2] == '/')
|
|
+ memmove (slash + 1, slash + 3, strlen (slash + 3) + 1);
|
|
+ else
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* Eliminate trailing "/." or "/". */
|
|
+ while (TRUE)
|
|
+ {
|
|
+ slash = strrchr (filesystem, '/');
|
|
+
|
|
+ if (slash != NULL &&
|
|
+ ((slash != filesystem && slash[1] == '\0') ||
|
|
+ (slash[1] == '.' && slash[2] == '\0')))
|
|
+ *slash = '\0';
|
|
+ else
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
|
|
if (g_strv_contains (flatpak_context_special_filesystems, filesystem) ||
|
|
get_xdg_user_dir_from_string (filesystem, NULL, NULL, NULL) ||
|
|
--
|
|
2.27.0
|
|
|