global: Don't trust persistent/runtime state data
An Endless OS system was found in the wild with a malformed
.local/share/gnome-shell/notifications. When deserialized in Python,
after passing trusted=True to g_variant_new_from_bytes(), the first
element of the first struct in the array looks like this:

    In [41]: _38.get_child_value(0).get_child_value(0)
    Out[41]: GLib.Variant('s', '\Uffffffff\Uffffffff\Uffffffff\Uffffffff\Uffffffff')

When deserialised in GJS, we get:

    gjs> v.get_child_value(0).get_child_value(0)
    [object variant of type "s"]
    gjs> v.get_child_value(0).get_child_value(0).get_string()
    typein:43:1 malformed UTF-8 character sequence at offset 0
      @typein:43:1
      @<stdin>:1:34

While g_variant_new_from_bytes() doesn't have much to say about its
'trusted' parameter, g_variant_new_from_data() does:

> If data is trusted to be serialised data in normal form then trusted
> should be TRUE. This applies to serialised data created within this
> process or read from a trusted location on the disk (such as a file
> installed in /usr/lib alongside your application). You should set
> trusted to FALSE if data is read from the network, a file in the
> user's home directory, etc.

Persistent state is read from the user's home directory, so it should
not be trusted. With trusted=False, the string value above comes out as
"".

I don't have an explanation for how this file ended up being malformed.
I also don't have an explanation for when this started crashing: my
guess is that recent GJS became stricter about validating UTF-8 but I
could be wrong!

https://gitlab.gnome.org/GNOME/gnome-shell/issues/1552
parent b73aace476
commit a207f67f73
@ -1577,7 +1577,7 @@ load_variant (GFile *dir,
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
GBytes *bytes = g_mapped_file_get_bytes (mfile);
|
GBytes *bytes = g_mapped_file_get_bytes (mfile);
|
||||||
res = g_variant_new_from_bytes (G_VARIANT_TYPE (property_type), bytes, TRUE);
|
res = g_variant_new_from_bytes (G_VARIANT_TYPE (property_type), bytes, FALSE);
|
||||||
g_bytes_unref (bytes);
|
g_bytes_unref (bytes);
|
||||||
g_mapped_file_unref (mfile);
|
g_mapped_file_unref (mfile);
|
||||||
}
|
}
|
||||||
|
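Review bot: In load_variant, nothing in the lines shown tells the caller that the bytes passed to g_variant_new_from_bytes (..., FALSE) were not in normal form, so a corrupt state file now loads silently with default values (the commit message notes that the bad string comes out as ""). Consider calling g_variant_is_normal_form (res) right after the load and logging a warning that names the file, or dropping the state, so that corruption like the case in issue 1552 stays visible instead of being masked. A one-line comment next to the FALSE argument saying that the file lives in the user's home directory would also keep a later cleanup from flipping it back to TRUE.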
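The difference the commit message describes between trusted and untrusted loading, as an added Python example that is not GLib or gnome-shell code: a simplified model of the normal-form rule for the single type 's' (NUL-terminated, no embedded NUL, valid UTF-8). The function names are hypothetical and the sample byte strings are constructed.

```python
"""Simplified model of reading a serialised GVariant string ('s').

Added illustration only: it re-implements the normal-form rule for one
type and is not GLib code. All names here are hypothetical.
"""


def string_normal_form_error(data: bytes):
    """Return None if data is a normal-form 's' value, else the reason it is not."""
    if not data:
        return "empty buffer"
    if data[-1] != 0:
        return "missing NUL terminator"
    if 0 in data[:-1]:
        return "embedded NUL"
    try:
        # Strict decode: rejects stray bytes, overlong forms and surrogates.
        data[:-1].decode("utf-8")
    except UnicodeDecodeError as exc:
        return f"invalid UTF-8 at offset {exc.start}"
    return None


def read_string(data: bytes, trusted: bool) -> bytes:
    """Model the two load modes for a serialised 's' value.

    trusted=True  : bytes are handed back unchecked, so the consumer
                    (a language binding, for instance) meets them later.
    trusted=False : bytes are validated first; anything that is not in
                    normal form is replaced by the type's default, "".
    """
    if trusted:
        return data.split(b"\0", 1)[0]
    if string_normal_form_error(data) is not None:
        return b""
    return data[:-1]


# Constructed samples: one well-formed value, one shaped like the bad
# string quoted in the commit message (five invalid bytes, then NUL).
GOOD = "Updates available".encode("utf-8") + b"\0"
BAD = b"\xff\xff\xff\xff\xff\0"

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, string_normal_form_error(blob),
              read_string(blob, trusted=True), read_string(blob, trusted=False))
```
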