[neon/backports-focal/xdg-desktop-portal/Neon/unstable] src: Fail early when a request contains both fd and uri

Bastien Nocera null at kde.org
Wed Jan 13 06:32:43 GMT 2021


Git commit 0ec0c5d00641f56e3f4faf813502c8003b727d05 by Bastien Nocera.
Committed on 20/07/2020 at 14:12.
Pushed by ash into branch 'Neon/unstable'.

Fail early when a request contains both fd and uri

M  +15   -0    src/open-uri.c
M  +14   -0    src/wallpaper.c

https://invent.kde.org/neon/backports-focal/xdg-desktop-portal/commit/0ec0c5d00641f56e3f4faf813502c8003b727d05

diff --git a/src/open-uri.c b/src/open-uri.c
index bb63478..31c8e9d 100644
--- a/src/open-uri.c
+++ b/src/open-uri.c
@@ -598,6 +598,21 @@ handle_open_in_thread_func (GTask *task,
 
   REQUEST_AUTOLOCK (request);
 
+  /* Verify that either uri or fd is set, not both */
+  if (uri != NULL && fd != -1)
+    {
+      g_warning ("Rejecting invalid open-uri request (both URI and fd are set)");
+      if (request->exported)
+        {
+          g_variant_builder_init (&opts_builder, G_VARIANT_TYPE_VARDICT);
+          xdp_request_emit_response (XDP_REQUEST (request),
+                                     XDG_DESKTOP_PORTAL_RESPONSE_OTHER,
+                                     g_variant_builder_end (&opts_builder));
+          request_unexport (request);
+        }
+      return;
+    }
+
   if (uri)
     {
       resolve_scheme_and_content_type (uri, &scheme, &content_type);
diff --git a/src/wallpaper.c b/src/wallpaper.c
index f580f85..10cac60 100644
--- a/src/wallpaper.c
+++ b/src/wallpaper.c
@@ -140,6 +140,20 @@ handle_set_wallpaper_in_thread_func (GTask *task,
   fd = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (request), "fd"));
   options = ((GVariant *)g_object_get_data (G_OBJECT (request), "options"));
 
+  if (uri != NULL && fd != -1)
+    {
+      g_warning ("Rejecting invalid open-uri request (both URI and fd are set)");
+      if (request->exported)
+        {
+          xdp_request_emit_response (XDP_REQUEST (request),
+                                     XDG_DESKTOP_PORTAL_RESPONSE_OTHER,
+                                     NULL);
+          request_unexport (request);
+        }
+      return;
+    }
+
+
   permission = get_permission_sync (app_id, PERMISSION_TABLE, PERMISSION_ID);
 
   if (permission == PERMISSION_NO)



More information about the Neon-commits mailing list