packages/nautilus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix crash when copying an invalid file

Browse Source 
Signed-off-by: liweigang <liweiganga@uniontech.com>
This commit is contained in:
liweigang 2024-05-21 10:06:44 +08:00
parent 1e324cd538
commit 552b8eb9e0
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
CVE-2022-37290.patch Normal file
View File

@ -0,0 +1,54 @@
From 78e757fe7650033d09def2e2e1540ea7c5651aab Mon Sep 17 00:00:00 2001
From: technology208 <technology@208suo.com>
Date: Mon, 20 May 2024 13:54:01 +0800
Subject: [PATCH] CreatePatch
---
src/nautilus-dbus-manager.c | 6 ++++++
src/nautilus-file-operations.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/src/nautilus-dbus-manager.c b/src/nautilus-dbus-manager.c
index 43f27e1..82be3b6 100644
--- a/src/nautilus-dbus-manager.c
+++ b/src/nautilus-dbus-manager.c
@@ -126,6 +126,12 @@ handle_create_folder (NautilusDBusFileOperations *object,
file = g_file_new_for_uri (uri);
basename = g_file_get_basename (file);
parent_file = g_file_get_parent (file);
+ if (parent_file == NULL || basename == NULL)
+ {
+ g_dbus_method_invocation_return_error (invocation, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "Invalid uri: %s", uri);
+ return TRUE;
+ }
+
parent_file_uri = g_file_get_uri (parent_file);
g_application_hold (g_application_get_default ());
diff --git a/src/nautilus-file-operations.c b/src/nautilus-file-operations.c
index 7579cd0..ea4edb2 100644
--- a/src/nautilus-file-operations.c
+++ b/src/nautilus-file-operations.c
@@ -985,6 +985,11 @@ get_basename (GFile *file)
if (name == NULL)
{
basename = g_file_get_basename (file);
+ if (basename == NULL)
+ {
+ return g_strdup (_("unknown"));
+ }
+
if (g_utf8_validate (basename, -1, NULL))
{
name = basename;
@@ -4170,6 +4175,7 @@ get_unique_target_file (GFile *src,
if (dest == NULL)
{
basename = g_file_get_basename (src);
+ g_assert (basename == NULL);
if (g_utf8_validate (basename, -1, NULL))
{
--
2.33.0

6
nautilus.spec
View File

@ -1,6 +1,6 @@
Name: nautilus Name: nautilus
Version: 3.33.90 Version: 3.33.90
Release: 9 Release: 10
Summary: Default file manager for GNOME Summary: Default file manager for GNOME
License: GPLv3+ and LGPLv2+ License: GPLv3+ and LGPLv2+
URL: https://wiki.gnome.org/Apps/Nautilus URL: https://wiki.gnome.org/Apps/Nautilus
@ -21,6 +21,7 @@ Patch03: nautius-3.33.90-display-tooltip-content.patch
Patch04: nautius-3.33.90-translate-general-and-show-sidebar.patch Patch04: nautius-3.33.90-translate-general-and-show-sidebar.patch
Patch05: nautius-3.33.90-Add-right-click-sort-function.patch Patch05: nautius-3.33.90-Add-right-click-sort-function.patch
Patch06: nautius-3.33.90-Add-the-ability-to-create-document.patch Patch06: nautius-3.33.90-Add-the-ability-to-create-document.patch
Patch07: CVE-2022-37290.patch
%description %description
It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems. It's easier to manage your files for the GNOME desktop. Ability to browse directories on local and remote systems.
@ -86,6 +87,9 @@ make test
%{_datadir}/metainfo/* %{_datadir}/metainfo/*
%changelog %changelog
* Tue May 21 2024 liweigang <liweiganga@uniontech.com> - 3.33.90-10
- Fix crash when copying an invalid file
* Thu Dec 15 2022 Guangzhong Yao <yaoguangzhong@xfusion.com> - 3.33.90-9 * Thu Dec 15 2022 Guangzhong Yao <yaoguangzhong@xfusion.com> - 3.33.90-9
- Type:bugfix - Type:bugfix
- Id:NA - Id:NA