packages/nautilus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!24 Fix crash when copying an invalid file

Browse Source 
From: @Venland 
Reviewed-by: @open-bot 
Signed-off-by: @open-bot
This commit is contained in:
openeuler-ci-bot 2024-05-28 02:09:33 +00:00 committed by Gitee
commit 90ee5044b3
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
CVE-2022-37290.patch Normal file
View File

@ -0,0 +1,54 @@
From 78e757fe7650033d09def2e2e1540ea7c5651aab Mon Sep 17 00:00:00 2001
From: technology208 <technology@208suo.com>
Date: Mon, 20 May 2024 13:54:01 +0800
Subject: [PATCH] CreatePatch
---
src/nautilus-dbus-manager.c | 6 ++++++
src/nautilus-file-operations.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/src/nautilus-dbus-manager.c b/src/nautilus-dbus-manager.c
index 43f27e1..82be3b6 100644
--- a/src/nautilus-dbus-manager.c
+++ b/src/nautilus-dbus-manager.c
@@ -126,6 +126,12 @@ handle_create_folder (NautilusDBusFileOperations *object,
file = g_file_new_for_uri (uri);
basename = g_file_get_basename (file);
parent_file = g_file_get_parent (file);
+ if (parent_file == NULL || basename == NULL)
+ {
+ g_dbus_method_invocation_return_error (invocation, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "Invalid uri: %s", uri);
+ return TRUE;
+ }
+
parent_file_uri = g_file_get_uri (parent_file);
g_application_hold (g_application_get_default ());
diff --git a/src/nautilus-file-operations.c b/src/nautilus-file-operations.c
index 7579cd0..ea4edb2 100644
--- a/src/nautilus-file-operations.c
+++ b/src/nautilus-file-operations.c
@@ -985,6 +985,11 @@ get_basename (GFile *file)
if (name == NULL)
{
basename = g_file_get_basename (file);
+ if (basename == NULL)
+ {
+ return g_strdup (_("unknown"));
+ }
+
if (g_utf8_validate (basename, -1, NULL))
{
name = basename;
@@ -4170,6 +4175,7 @@ get_unique_target_file (GFile *src,
if (dest == NULL)
{
basename = g_file_get_basename (src);
+ g_assert (basename == NULL);
if (g_utf8_validate (basename, -1, NULL))
{
--
2.33.0

6
nautilus.spec
View File

@ -1,6 +1,6 @@
Name: nautilus
Version: 3.33.90
Release: 9
Release: 10
Summary: Default file manager for GNOME
License: GPLv3+ and LGPLv2+
URL: https://wiki.gnome.org/Apps/Nautilus
@ -21,6 +21,7 @@ Patch03: nautius-3.33.90-display-tooltip-content.patch
Patch04: nautius-3.33.90-translate-general-and-show-sidebar.patch
Patch05: nautius-3.33.90-Add-right-click-sort-function.patch
Patch06: nautius-3.33.90-Add-the-ability-to-create-document.patch
Patch07: CVE-2022-37290.patch
%description
It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems.
@ -86,6 +87,9 @@ make test
%{_datadir}/metainfo/*
%changelog
* Tue May 21 2024 liweigang <liweiganga@uniontech.com> - 3.33.90-10
- Fix crash when copying an invalid file
* Thu Dec 15 2022 Guangzhong Yao <yaoguangzhong@xfusion.com> - 3.33.90-9
- Type:bugfix
- Id:NA