[glib] Bug 623407 - g_keyfile_settings_backend_new crash



commit a16128655fed37a3975fdb8ea0d31ef0fa29e882
Author: Ryan Lortie <desrt desrt ca>
Date:   Fri Jul 2 11:35:43 2010 -0400

    Bug 623407 - g_keyfile_settings_backend_new crash
    
    The keyfile backend forms paths like this:
    
      prefix + group_name + '/' + keyname
    
    If the prefix is '/apps/yelp/' and the group name is '/' then this means
    that we end up with a key name of (for example):
    
      '/apps/yelp/' + '/' + '/' + 'font-adjustment'
    
    = '/apps/yelp///font-adjustment'
    
    which is obviously not a valid key name.
    
    This patch rejects group names starting or ending with '/' or containing
    '//' and also rejects keys containing '/'.  This should make it
    impossible for invalid keys to be formed.

 gio/gkeyfilesettingsbackend.c |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)
---
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index 94ccced..0306585 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -400,12 +400,23 @@ keyfile_to_tree (GKeyfileSettingsBackend *kfsb,
       gint j;
 
       is_root_group = g_strcmp0 (kfsb->root_group, groups[i]) == 0;
+
+      /* reject group names that will form invalid key names */
+      if (!is_root_group &&
+          (g_str_has_prefix (groups[i], "/") ||
+           g_str_has_suffix (groups[i], "/") || strstr (groups[i], "//")))
+        continue;
+
       keys = g_key_file_get_keys (keyfile, groups[i], NULL, NULL);
 
       for (j = 0; keys[j]; j++)
         {
           gchar *path, *value;
 
+          /* reject key names with slashes in them */
+          if (strchr (keys[j], '/'))
+            continue;
+
           if (is_root_group)
             path = g_strdup_printf ("%s%s", kfsb->prefix, keys[j]);
           else
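Review bot: Both new `continue` paths drop the offending group or key without any diagnostic, so a keyfile containing a group such as `[/]` or a key with a slash loses those settings with nothing to tell the user why. Consider logging before skipping, e.g. `g_warning ("ignoring invalid group name '%s' in keyfile", groups[i]);`, or `g_debug` if this function is re-run on every file change, which the hunk does not show. The first comment could also say why the root group is exempt: on the `is_root_group` branch the path is built as `prefix + key`, so the group name never enters it. The commit adds `strstr` and `strchr` calls but no include, so confirm `<string.h>` is already included in this file. The body of keyfile_to_tree starts and ends outside the hunk.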


