background: Improve validation of commandline option

Check that the first commandline item doesn't start with whitespaces or a hyphen. Also sneakily plug a memory leak, g_variant_get_strv() is transfer- container. Switch to g_autofree on the variable. Mitigates: CVE-2024-32462
flatpak · Apr 18, 2024 · 0cad9ea · 0cad9ea
1 parent 0648ddd
commit 0cad9ea
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/src/background.c b/src/background.c
@@ -854,7 +854,7 @@ validate_commandline (const char *key,
                       GError **error)
 {
   gsize length;
-  const char **strv = g_variant_get_strv (value, &length);
+  g_autofree const char **strv = g_variant_get_strv (value, &length);
 
   if (strv[0] == NULL)
     {
@@ -870,6 +870,13 @@ validate_commandline (const char *key,
       return FALSE;
     }
 
+  if (*strv[0] == ' ' || *strv[0] == '-')
+    {
+      g_set_error (error, XDG_DESKTOP_PORTAL_ERROR, XDG_DESKTOP_PORTAL_ERROR_INVALID_ARGUMENT,
+                   "First commandline item can't start with whitespace nor hyphens");
+      return FALSE;
+    }
+
   if (length > 100)
     {
       g_set_error (error, XDG_DESKTOP_PORTAL_ERROR, XDG_DESKTOP_PORTAL_ERROR_INVALID_ARGUMENT,