Go to file
Will Thompson a207f67f73 global: Don't trust persistent/runtime state data
An Endless OS system was found in the wild with a malformed
.local/share/gnome-shell/notifications. When deserialized in Python,
after passing trusted=True to g_variant_new_from_bytes(), the first
element of the first struct in the array looks like this:

    In [41]: _38.get_child_value(0).get_child_value(0)
    Out[41]: GLib.Variant('s', '\Uffffffff\Uffffffff\Uffffffff\Uffffffff\Uffffffff')

When deserialised in GJS, we get:

    gjs> v.get_child_value(0).get_child_value(0)
    [object variant of type "s"]
    gjs> v.get_child_value(0).get_child_value(0).get_string()
    typein:43:1 malformed UTF-8 character sequence at offset 0
      @typein:43:1
      @<stdin>:1:34

While g_variant_new_from_bytes() doesn't have much to say about its
'trusted' parameter, g_variant_new_from_data() does:

> If data is trusted to be serialised data in normal form then trusted
> should be TRUE. This applies to serialised data created within this
> process or read from a trusted location on the disk (such as a file
> installed in /usr/lib alongside your application). You should set
> trusted to FALSE if data is read from the network, a file in the
> user's home directory, etc.

Persistent state is read from the user's home directory, so it should
not be trusted. With trusted=False, the string value above comes out as
"".

I don't have an explanation for how this file ended up being malformed.
I also don't have an explanation for when this started crashing: my
guess is that recent GJS became stricter about validating UTF-8 but I
could be wrong!

https://gitlab.gnome.org/GNOME/gnome-shell/issues/1552
2019-09-03 01:00:50 +00:00
.gitlab-ci ci: Make eslint wrapper script usable outside gitlab's CI 2019-07-31 23:28:43 +02:00
.settings Clean out some eclipse artefacts 2019-02-13 04:39:26 +01:00
data Notify service startup to systemd 2019-08-27 17:42:32 +00:00
docs/reference docs: Fix interface prefix for D-Bus docs 2019-07-25 15:56:20 +02:00
js endSessionDialog: Initialize Polkit permission asynchronously 2019-09-01 12:45:49 +02:00
lint lint: Allow marking variables/arguments as unused 2019-07-24 00:28:45 +02:00
man man: Update project website 2018-01-07 21:39:18 +01:00
meson build: Run postinstall script where necessary 2018-04-09 19:19:33 +00:00
po Updated Czech translation 2019-09-02 08:53:00 +02:00
src global: Don't trust persistent/runtime state data 2019-09-03 01:00:50 +00:00
subprojects gvc: Update submodule to up-to-date version 2019-02-28 21:59:08 +01:00
test Add convert_xml test 2019-03-04 20:55:15 +00:00
tests tests: Add Params.parse() unit tests 2019-07-05 18:28:26 +02:00
tools build: Remove Canberra dependency 2019-01-09 23:09:18 +00:00
.eslintrc.json lint: Tweak the whitelist of globals 2019-07-12 16:01:07 +00:00
.gitignore Ignore '.vscode' folder for users of that editor 2019-04-02 17:37:31 +00:00
.gitlab-ci.yml ci: Set XDG_RUNTIME_DIR for tests 2019-08-27 15:30:51 +03:00
.gitmodules submodules: Replace non-functional git.gnome.org URL by GNOME Gitlab URL 2018-09-25 08:41:30 +02:00
cldr2json.py Fix override for fr-CA 2019-03-04 20:55:15 +00:00
config.h.meson Add check_cloexec_fds debug command 2018-07-30 23:11:41 +00:00
COPYING Changed obsolete FSF postal address. 2014-01-08 04:35:14 +07:00
gnome-shell.doap Replace Bugzilla by Gitlab URL in DOAP file 2018-12-15 23:26:54 +01:00
HACKING.md docs: Update animation section 2019-08-07 18:40:49 +02:00
meson_options.txt extensions-tool: Start import 2019-08-21 18:28:02 +02:00
meson.build Bump version to 3.33.91 2019-08-21 19:47:37 +00:00
NEWS Bump version to 3.33.91 2019-08-21 19:47:37 +00:00
README.md README.md: Add contribution section 2019-02-13 20:37:39 +01:00
README.mdwn Add basic documentation 2019-03-04 20:55:15 +00:00

GNOME Shell

GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. GNOME Shell takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts to provide a visually attractive and easy to use experience.

For more information about GNOME Shell, including instructions on how to build GNOME Shell from source and how to get involved with the project, see the project wiki.

Bugs should be reported to the GNOME bug tracking system.

Contributing

To contribute, open merge requests at https://gitlab.gnome.org/GNOME/gnome-shell.

Commit messages should follow the GNOME commit message guidelines. We require an URL to either an issue or a merge request in each commit.

License

GNOME Shell is distributed under the terms of the GNU General Public License, version 2 or later. See the COPYING file for details.