packages/nautilus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!24 Fix crash when copying an invalid file

Browse Source 
From: @Venland 
Reviewed-by: @open-bot 
Signed-off-by: @open-bot
This commit is contained in:
openeuler-ci-bot 2024-05-28 02:09:33 +00:00 committed by Gitee
commit 90ee5044b3
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
CVE-2022-37290.patch Normal file
View File

@ -0,0 +1,54 @@
From 78e757fe7650033d09def2e2e1540ea7c5651aab Mon Sep 17 00:00:00 2001
From: technology208 <technology@208suo.com>
Date: Mon, 20 May 2024 13:54:01 +0800
Subject: [PATCH] CreatePatch
---
src/nautilus-dbus-manager.c | 6 ++++++
src/nautilus-file-operations.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/src/nautilus-dbus-manager.c b/src/nautilus-dbus-manager.c
index 43f27e1..82be3b6 100644
--- a/src/nautilus-dbus-manager.c
+++ b/src/nautilus-dbus-manager.c
@@ -126,6 +126,12 @@ handle_create_folder (NautilusDBusFileOperations *object,
file = g_file_new_for_uri (uri);
basename = g_file_get_basename (file);
parent_file = g_file_get_parent (file);
+ if (parent_file == NULL || basename == NULL)
+ {
+ g_dbus_method_invocation_return_error (invocation, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "Invalid uri: %s", uri);
+ return TRUE;
+ }
+
parent_file_uri = g_file_get_uri (parent_file);
g_application_hold (g_application_get_default ());
diff --git a/src/nautilus-file-operations.c b/src/nautilus-file-operations.c
index 7579cd0..ea4edb2 100644
--- a/src/nautilus-file-operations.c
+++ b/src/nautilus-file-operations.c
@@ -985,6 +985,11 @@ get_basename (GFile *file)
if (name == NULL)
{
basename = g_file_get_basename (file);
+ if (basename == NULL)
+ {
+ return g_strdup (_("unknown"));
+ }
+
if (g_utf8_validate (basename, -1, NULL))
{
name = basename;
@@ -4170,6 +4175,7 @@ get_unique_target_file (GFile *src,
if (dest == NULL)
{
basename = g_file_get_basename (src);
+ g_assert (basename == NULL);
if (g_utf8_validate (basename, -1, NULL))
{
--
2.33.0

6
nautilus.spec
View File

@ -1,6 +1,6 @@
Name: nautilus Name: nautilus
Version: 3.33.90 Version: 3.33.90
Release: 9 Release: 10
Summary: Default file manager for GNOME Summary: Default file manager for GNOME
License: GPLv3+ and LGPLv2+ License: GPLv3+ and LGPLv2+
URL: https://wiki.gnome.org/Apps/Nautilus URL: https://wiki.gnome.org/Apps/Nautilus
@ -21,6 +21,7 @@ Patch03: nautius-3.33.90-display-tooltip-content.patch
Patch04: nautius-3.33.90-translate-general-and-show-sidebar.patch Patch04: nautius-3.33.90-translate-general-and-show-sidebar.patch
Patch05: nautius-3.33.90-Add-right-click-sort-function.patch Patch05: nautius-3.33.90-Add-right-click-sort-function.patch
Patch06: nautius-3.33.90-Add-the-ability-to-create-document.patch Patch06: nautius-3.33.90-Add-the-ability-to-create-document.patch
Patch07: CVE-2022-37290.patch
%description %description
It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems. It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems.
@ -86,6 +87,9 @@ make test
%{_datadir}/metainfo/* %{_datadir}/metainfo/*
%changelog %changelog
* Tue May 21 2024 liweigang <liweiganga@uniontech.com> - 3.33.90-10
- Fix crash when copying an invalid file
* Thu Dec 15 2022 Guangzhong Yao <yaoguangzhong@xfusion.com> - 3.33.90-9 * Thu Dec 15 2022 Guangzhong Yao <yaoguangzhong@xfusion.com> - 3.33.90-9
- Type:bugfix - Type:bugfix
- Id:NA - Id:NA