Lines 1306-1311
user_change_icon_file_authorized_cb (Daemon *daemon,
|
1306 |
|
1306 |
|
1307 |
{ |
1307 |
{ |
1308 |
g_autofree gchar *filename = NULL; |
1308 |
g_autofree gchar *filename = NULL; |
|
|
1309 |
g_autofree gchar *canon_filename = NULL; |
1309 |
g_autoptr(GFile) file = NULL; |
1310 |
g_autoptr(GFile) file = NULL; |
1310 |
g_autoptr(GFileInfo) info = NULL; |
1311 |
g_autoptr(GFileInfo) info = NULL; |
1311 |
guint32 mode; |
1312 |
guint32 mode; |
Lines 1355-1363
user_change_icon_file_authorized_cb (Daemon *daemon,
|
1355 |
return; |
1356 |
return; |
1356 |
} |
1357 |
} |
1357 |
|
1358 |
|
|
|
1359 |
/* This will not resolve symlinks. But we only want to check for a |
1360 |
* trusted prefix below, so this should be enough. The important bit |
1361 |
* is that no user controlled path is stored in the user data. If |
1362 |
* canon_filename is not trusted then filename will be copied into a |
1363 |
* safe place and the path to the safe place will be stored in the |
1364 |
* user data. |
1365 |
*/ |
1366 |
canon_filename = g_file_get_path(file); |
1367 |
|
1358 |
if ((mode & S_IROTH) == 0 || |
1368 |
if ((mode & S_IROTH) == 0 || |
1359 |
(!g_str_has_prefix (filename, DATADIR) && |
1369 |
!canon_filename || |
1360 |
!g_str_has_prefix (filename, ICONDIR))) { |
1370 |
(!g_str_has_prefix (canon_filename, DATADIR) && |
|
|
1371 |
!g_str_has_prefix (canon_filename, ICONDIR))) { |
1361 |
g_autofree gchar *dest_path = NULL; |
1372 |
g_autofree gchar *dest_path = NULL; |
1362 |
g_autoptr(GFile) dest = NULL; |
1373 |
g_autoptr(GFile) dest = NULL; |
1363 |
const gchar *argv[3]; |
1374 |
const gchar *argv[3]; |
1364 |
- |
|
|
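Review bot: The trusted-prefix test at new lines 1370-1371 is a raw string comparison, so `g_str_has_prefix (canon_filename, DATADIR)` also accepts a sibling directory whose name merely begins with the same characters (constructed example: `<DATADIR>-other/icon.png`), unless DATADIR and ICONDIR are defined with a trailing separator, which this page does not show. Anchoring the match on a path boundary closes that, for example `g_str_has_prefix (canon_filename, DATADIR G_DIR_SEPARATOR_S)` and the same for ICONDIR, assuming both macros expand to string literals. The new comment promises that no user-controlled path is stored in the user data, but the store itself lies outside this hunk; if the trusted branch still persists `filename` rather than `canon_filename`, the un-normalised spelling is what ends up in the user data, so that is worth confirming. Because `g_file_get_path` does not resolve symlinks, as the comment itself notes, the check relies on unprivileged users being unable to create links beneath those directories. Minor style point: `g_file_get_path(file)` at new line 1366 lacks the space before the parenthesis that the surrounding calls use.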