[neon/backports-focal/xdg-desktop-portal/Neon/unstable] src: Fail early when a request contains both fd and uri
Bastien Nocera
null at kde.org
Wed Jan 13 06:32:43 GMT 2021
Git commit 0ec0c5d00641f56e3f4faf813502c8003b727d05 by Bastien Nocera.
Committed on 20/07/2020 at 14:12.
Pushed by ash into branch 'Neon/unstable'.
Fail early when a request contains both fd and uri
M +15 -0 src/open-uri.c
M +14 -0 src/wallpaper.c
https://invent.kde.org/neon/backports-focal/xdg-desktop-portal/commit/0ec0c5d00641f56e3f4faf813502c8003b727d05
diff --git a/src/open-uri.c b/src/open-uri.c
index bb63478..31c8e9d 100644
--- a/src/open-uri.c
+++ b/src/open-uri.c
@@ -598,6 +598,21 @@ handle_open_in_thread_func (GTask *task,
REQUEST_AUTOLOCK (request);
+ /* Verify that either uri or fd is set, not both */
+ if (uri != NULL && fd != -1)
+ {
+ g_warning ("Rejecting invalid open-uri request (both URI and fd are set)");
+ if (request->exported)
+ {
+ g_variant_builder_init (&opts_builder, G_VARIANT_TYPE_VARDICT);
+ xdp_request_emit_response (XDP_REQUEST (request),
+ XDG_DESKTOP_PORTAL_RESPONSE_OTHER,
+ g_variant_builder_end (&opts_builder));
+ request_unexport (request);
+ }
+ return;
+ }
+
if (uri)
{
resolve_scheme_and_content_type (uri, &scheme, &content_type);
diff --git a/src/wallpaper.c b/src/wallpaper.c
index f580f85..10cac60 100644
--- a/src/wallpaper.c
+++ b/src/wallpaper.c
@@ -140,6 +140,20 @@ handle_set_wallpaper_in_thread_func (GTask *task,
fd = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (request), "fd"));
options = ((GVariant *)g_object_get_data (G_OBJECT (request), "options"));
+ if (uri != NULL && fd != -1)
+ {
+ g_warning ("Rejecting invalid open-uri request (both URI and fd are set)");
+ if (request->exported)
+ {
+ xdp_request_emit_response (XDP_REQUEST (request),
+ XDG_DESKTOP_PORTAL_RESPONSE_OTHER,
+ NULL);
+ request_unexport (request);
+ }
+ return;
+ }
+
+
permission = get_permission_sync (app_id, PERMISSION_TABLE, PERMISSION_ID);
if (permission == PERMISSION_NO)
More information about the Neon-commits
mailing list