[gnome-autoar/wip/oholy/various-fixes: 6/17] extractor: Fix criticals for paths that point outside

[Ondrej Holy <oholy src gnome org>]

commit 755ae7ef3acdf4cdcf7024159ad08b75932803b4
Author: Ondrej Holy <oholy redhat com>
Date:   Thu Mar 4 11:59:02 2021 +0100

    extractor: Fix criticals for paths that point outside
    
    (Malicious) archives can have malformed paths with `..` segments so they
    point outside of the destination. The `autoar_extractor_do_sanitize_pathname`
    function already sanitizes those paths to be inside of the destination,
    however, the code from `autoar_extractor_step_decide_destination` operates on
    paths, which are not yet sanitized and fails with the following criticals:
    `g_file_resolve_relative_path: assertion 'relative_path != NULL' failed`.
    Let's use the `autoar_extractor_do_sanitize_pathname` also here to fix this
    criticals.

 gnome-autoar/autoar-extractor.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
---
diff --git a/gnome-autoar/autoar-extractor.c b/gnome-autoar/autoar-extractor.c
index 9be7c0c..73f1bed 100644
--- a/gnome-autoar/autoar-extractor.c
+++ b/gnome-autoar/autoar-extractor.c
@@ -1701,6 +1701,7 @@ autoar_extractor_new (GFile *source_file,
 
   self->source_basename = g_file_get_basename (self->source_file);
   self->suggested_destname = autoar_common_get_basename_remove_extension (self->source_basename);
+  self->destination_dir = g_object_ref (self->output_file);
 
   return self;
 }
@@ -1780,8 +1781,8 @@ autoar_extractor_step_scan_toplevel (AutoarExtractor *self)
     }
     self->files_list =
       g_list_prepend (self->files_list,
-                      g_file_get_child (self->output_file,
-                                        utf8_pathname ? utf8_pathname : pathname));
+                      autoar_extractor_do_sanitize_pathname (self,
+                                                             utf8_pathname ? utf8_pathname : pathname));
     self->total_files++;
     self->total_size += archive_entry_size (entry);
     archive_read_data_skip (a);
@@ -1843,7 +1844,6 @@ autoar_extractor_step_set_destination (AutoarExtractor *self)
   g_debug ("autoar_extractor_step_set_destination: called");
 
   if (self->output_is_dest) {
-    self->destination_dir = g_object_ref (self->output_file);
     g_clear_object (&self->prefix);
     return;
   }
@@ -1859,17 +1859,16 @@ autoar_extractor_step_set_destination (AutoarExtractor *self)
     prefix_name = g_file_get_basename (self->prefix);
     prefix_name_no_ext = autoar_common_get_basename_remove_extension (prefix_name);
 
-    if (g_strcmp0 (prefix_name, self->suggested_destname) == 0 ||
-        g_strcmp0 (prefix_name_no_ext, self->suggested_destname) == 0) {
-      self->destination_dir = g_object_ref (self->output_file);
-    } else {
+    if (g_strcmp0 (prefix_name, self->suggested_destname) != 0 &&
+        g_strcmp0 (prefix_name_no_ext, self->suggested_destname) != 0) {
       g_clear_object (&self->prefix);
     }
   }
   /* If none of the above situations apply, the top level directory gets the
    * name suggested when creating the AutoarExtractor object
    */
-  if (self->destination_dir == NULL) {
+  if (self->prefix == NULL) {
+    g_object_unref (self->destination_dir);
     self->destination_dir = g_file_get_child (self->output_file,
                                               self->suggested_destname);
   }