diff options
author | Ryan Lortie <desrt@desrt.ca> | 2010-07-02 11:35:43 -0400 |
---|---|---|
committer | Ryan Lortie <desrt@desrt.ca> | 2010-07-02 11:35:43 -0400 |
commit | a16128655fed37a3975fdb8ea0d31ef0fa29e882 (patch) | |
tree | d8c4cf8c9c5c6a06be4429c1bd6284cc9dc049c7 /gio/gkeyfilesettingsbackend.c | |
parent | a941660873ad4db42f1799e444d46d95721af840 (diff) |
Bug 623407 - g_keyfile_settings_backend_new crash
The keyfile backend forms paths like this:
prefix + group_name + '/' + keyname
If the prefix is '/apps/yelp/' and the group name is '/' then this means
that we end up with a key name of (for example):
'/apps/yelp/' + '/' + '/' + 'font-adjustment'
= '/apps/yelp///font-adjustment'
which is obviously not a valid key name.
This patch rejects group names starting or ending with '/' or containing
'//' and also rejects keys containing '/'. This should make it
impossible for invalid keys to be formed.
Diffstat (limited to 'gio/gkeyfilesettingsbackend.c')
-rw-r--r-- | gio/gkeyfilesettingsbackend.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c index 94cccedba..0306585ad 100644 --- a/gio/gkeyfilesettingsbackend.c +++ b/gio/gkeyfilesettingsbackend.c @@ -400,12 +400,23 @@ keyfile_to_tree (GKeyfileSettingsBackend *kfsb, gint j; is_root_group = g_strcmp0 (kfsb->root_group, groups[i]) == 0; + + /* reject group names that will form invalid key names */ + if (!is_root_group && + (g_str_has_prefix (groups[i], "/") || + g_str_has_suffix (groups[i], "/") || strstr (groups[i], "//"))) + continue; + keys = g_key_file_get_keys (keyfile, groups[i], NULL, NULL); for (j = 0; keys[j]; j++) { gchar *path, *value; + /* reject key names with slashes in them */ + if (strchr (keys[j], '/')) + continue; + if (is_root_group) path = g_strdup_printf ("%s%s", kfsb->prefix, keys[j]); else |