[gimp] app: protect user_install_dir_copy() against infinite recursivity.



commit f14be48e744dc889f6b477a9fb60f76472e94be8
Author: Jehan <jehan girinstud io>
Date:   Wed Dec 27 03:54:38 2017 +0100

    app: protect user_install_dir_copy() against infinite recursivity.
    
    When recursively browsing folders, there is always the risk of infinite
    recursivity, in particular with symbolic links which can create loops.
    Let's just assume that we don't have any data over 5 levels of
    directories to avoid a security risk.

 app/core/gimp-user-install.c |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)
---
diff --git a/app/core/gimp-user-install.c b/app/core/gimp-user-install.c
index 70268e5..1f7447a 100644
--- a/app/core/gimp-user-install.c
+++ b/app/core/gimp-user-install.c
@@ -137,6 +137,7 @@ static gboolean  user_install_file_copy          (GimpUserInstall    *install,
                                                   const gchar        *old_options_regexp,
                                                   GRegexEvalCallback  update_callback);
 static gboolean  user_install_dir_copy           (GimpUserInstall    *install,
+                                                  gint                level,
                                                   const gchar        *source,
                                                   const gchar        *base,
                                                   const gchar        *update_pattern,
@@ -647,6 +648,7 @@ user_update_gimpressionist (const GMatchInfo *matched_value,
 
 static gboolean
 user_install_dir_copy (GimpUserInstall    *install,
+                       gint                level,
                        const gchar        *source,
                        const gchar        *base,
                        const gchar        *update_pattern,
@@ -657,8 +659,21 @@ user_install_dir_copy (GimpUserInstall    *install,
   gchar        dest[1024];
   const gchar *basename;
   gchar       *dirname;
-  gboolean     success;
   GError      *error = NULL;
+  gboolean     success = FALSE;
+
+  if (level >= 5)
+    {
+      /* Config migration is recursive, but we can't go on forever,
+       * since we may fall into recursive symlinks in particular (which
+       * is a security risk to fill a disk, and would also block GIMP
+       * forever at migration stage).
+       * Let's just break the recursivity at 5 levels, which is just an
+       * arbitrary value (but I don't think there should be any data
+       * deeper than this).
+       */
+      goto error;
+    }
 
   {
     gchar *basename = g_path_get_basename (source);
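Review bot: The new `goto error` at `level >= 5` runs before `dirname` is assigned, and `dirname` is declared without an initializer just above the check; the commit initializes `success` for this jump but not the pointer. The `error:` label lies outside this hunk, so this is unconfirmed, but if its cleanup frees `dirname` or releases other locals, the early exit operates on indeterminate values. Initialize them at declaration, e.g. `gchar *dirname = NULL;`, or leave with `return FALSE;` instead of jumping. The literal `5` would also be easier to audit as a named constant, e.g. `#define USER_INSTALL_MAX_DEPTH 5`, with the rationale comment placed beside it.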
@@ -698,7 +713,7 @@ user_install_dir_copy (GimpUserInstall    *install,
         }
       else
         {
-          user_install_dir_copy (install, name, dirname,
+          user_install_dir_copy (install, level + 1, name, dirname,
                                  update_pattern, update_callback);
         }
 
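Review bot: The `gboolean` returned by the recursive call is discarded, so when the new depth limit makes a nested call fail, the parent continues and the subtree is dropped without any trace; the top-level call in `user_install_migrate_files` (last hunk) ignores the result the same way. At minimum, record the skipped directory in the install log where the limit is hit, so that a truncated migration can be diagnosed. The cap bounds a symlink loop but still lets up to five nested levels of it be copied. Checking the entry with GLib's `G_FILE_TEST_IS_SYMLINK` before descending would address the loop directly, unless the test guarding this `else` branch (outside the hunk) already excludes links. The function body starts and ends outside the hunk.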
@@ -854,7 +869,7 @@ user_install_migrate_files (GimpUserInstall *install)
               update_pattern  = GIMPRESSIONIST_UPDATE_PATTERN;
               update_callback = user_update_gimpressionist;
             }
-          user_install_dir_copy (install, source, gimp_directory (),
+          user_install_dir_copy (install, 0, source, gimp_directory (),
                                  update_pattern, update_callback);
         }
 

