[Spice-commits] 2 commits - configure.ac gtk/spice-client-glib-usb-acl-helper.c gtk/spice-session.c
Christophe Fergau
teuf at kemper.freedesktop.org
Thu Sep 20 07:46:36 PDT 2012
configure.ac | 2 ++
gtk/spice-client-glib-usb-acl-helper.c | 24 +++++++++++++++++++++++-
gtk/spice-session.c | 17 ++++++++++-------
3 files changed, 35 insertions(+), 8 deletions(-)
New commits:
commit 504e57044af905a21d89a6effe3a3774eaad3634
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Thu Sep 20 10:41:39 2012 +0200
Unescape SpiceSession::uri component by component
Unescaping the whole URI and then parsing it is dangerous as
the unescaping may (for example) add some extra '/' in the URI
which are not part of a path. It's better to do the unescaping later
once the URI has been split in separate components.
This commit unescapes the path, host and query values. Handling escaped
query values is important for usernames/passwords which might contain
chars which are invalid in URIs.
If the host is enclosed in [], it's intentionally not escaped as this
contains an ipv6 URI, and may contain a %zone_id (see RFC4007). This is
consistent with libvirt/libxml2 behaviour, not with what gvfs does.
diff --git a/gtk/spice-session.c b/gtk/spice-session.c
index 5fbc1d2..68d1594 100644
--- a/gtk/spice-session.c
+++ b/gtk/spice-session.c
@@ -247,18 +247,15 @@ static int spice_uri_create(SpiceSession *session, char *dest, int len)
static int spice_uri_parse(SpiceSession *session, const char *original_uri)
{
SpiceSessionPrivate *s = SPICE_SESSION_GET_PRIVATE(session);
- gchar key[32], value[128];
gchar *host = NULL, *port = NULL, *tls_port = NULL, *uri = NULL, *password = NULL;
- gchar **target_key;
gchar *path = NULL;
+ gchar *unescaped_path = NULL;
gchar *authority = NULL;
gchar *query = NULL;
g_return_val_if_fail(original_uri != NULL, -1);
- uri = g_uri_unescape_string(original_uri, NULL);
- g_return_val_if_fail(uri != NULL, -1);
-
+ uri = g_strdup(original_uri);
/* Break up the URI into its various parts, scheme, authority,
* path (ignored) and query
@@ -308,7 +305,7 @@ static int spice_uri_parse(SpiceSession *session, const char *original_uri)
tmp++;
port = g_strdup(tmp);
}
- host = g_strdup(authority);
+ host = g_uri_unescape_string(authority, NULL);
}
if (path && !(g_str_equal(path, "") ||
@@ -316,8 +313,12 @@ static int spice_uri_parse(SpiceSession *session, const char *original_uri)
g_warning("Unexpected path data '%s' for URI '%s'", path, uri);
/* don't fail, just ignore */
}
+ unescaped_path = g_uri_unescape_string(path, NULL);
while (query && query[0] != '\0') {
+ gchar key[32], value[128];
+ gchar **target_key;
+
int len;
if (sscanf(query, "%31[-a-zA-Z0-9]=%127[^;&]%n", key, value, &len) != 2) {
g_warning("Failed to parse URI query '%s'", query);
@@ -344,7 +345,7 @@ static int spice_uri_parse(SpiceSession *session, const char *original_uri)
g_warning("Double set of '%s' in URI '%s'", key, uri);
goto fail;
}
- *target_key = g_strdup(value);
+ *target_key = g_uri_unescape_string(value, NULL);
}
}
@@ -355,6 +356,7 @@ static int spice_uri_parse(SpiceSession *session, const char *original_uri)
/* parsed ok -> apply */
g_free(uri);
+ g_free(unescaped_path);
g_free(s->host);
g_free(s->port);
g_free(s->tls_port);
@@ -367,6 +369,7 @@ static int spice_uri_parse(SpiceSession *session, const char *original_uri)
fail:
g_free(uri);
+ g_free(unescaped_path);
g_free(host);
g_free(port);
g_free(tls_port);
commit efbf867bb88845d5edf839550b54494b1bb752b9
Author: Colin Walters <walters at verbum.org>
Date: Fri Sep 14 11:21:28 2012 +0200
usb-acl-helper: Clear environment
Otherwise we can be subject to attack via environment variables such
as DBUS_SYSTEM_BUS_ADDRESS.
This addresses CVE-2012-4425 http://seclists.org/oss-sec/2012/q3/470
diff --git a/configure.ac b/configure.ac
index 4a220d1..c7367cc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -244,6 +244,8 @@ else
EXTERNAL_PNP_IDS="$with_pnp_ids_path"
fi
+AC_CHECK_FUNCS(clearenv)
+
PKG_CHECK_MODULES(GLIB2, glib-2.0 >= 2.22)
AC_SUBST(GLIB2_CFLAGS)
AC_SUBST(GLIB2_LIBS)
diff --git a/gtk/spice-client-glib-usb-acl-helper.c b/gtk/spice-client-glib-usb-acl-helper.c
index 724d62a..93b9b3a 100644
--- a/gtk/spice-client-glib-usb-acl-helper.c
+++ b/gtk/spice-client-glib-usb-acl-helper.c
@@ -158,7 +158,8 @@ static void cleanup(void)
if (state == STATE_WAITING_FOR_STDIN_EOF)
set_facl(path, getuid(), 0);
- g_main_loop_quit(loop);
+ if (loop)
+ g_main_loop_quit(loop);
}
/* Not available in polkit < 0.101 */
@@ -311,11 +312,32 @@ polkit_authority_get_sync (GCancellable *cancellable, GError **error)
}
#endif
+#ifndef HAVE_CLEARENV
+extern char **environ;
+
+static int
+clearenv (void)
+{
+ if (environ != NULL)
+ environ[0] = NULL;
+ return 0;
+}
+#endif
+
int main(void)
{
pid_t parent_pid;
GInputStream *stdin_unix_stream;
+ /* Nuke the environment to get a well-known and sanitized
+ * environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS
+ * environment variable and similar.
+ */
+ if (clearenv () != 0) {
+ FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno));
+ return 1;
+ }
+
g_type_init();
loop = g_main_loop_new(NULL, FALSE);
More information about the Spice-commits
mailing list