[gnome-remote-desktop] rdp: Don't dereference NULL pointer when parent dir cannot be found

From: Jonas Ådahl <jadahl src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-remote-desktop] rdp: Don't dereference NULL pointer when parent dir cannot be found
Date: Tue, 5 Jul 2022 07:35:40 +0000 (UTC)

commit 3d417a97e2adc3d93a5a016e10c7737adbf398bd
Author: Pascal Nowack <Pascal Nowack gmx de>
Date:   Sat Jul 2 11:36:05 2022 +0200

    rdp: Don't dereference NULL pointer when parent dir cannot be found
    
    Malicious remote desktop clients can send invalid file lists containing
    illegal filenames, such as filenames containing the '/' character.
    In such case, gnome-remote-desktop currently dereferences a NULL
    pointer, which would lead to a crash.
    
    While such malicious remote desktop clients are not known, still add
    handling for such situation by discarding the file list, when such
    situation is detected.

 src/grd-rdp-fuse-clipboard.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
---
diff --git a/src/grd-rdp-fuse-clipboard.c b/src/grd-rdp-fuse-clipboard.c
index 79910dcf..c295096f 100644
--- a/src/grd-rdp-fuse-clipboard.c
+++ b/src/grd-rdp-fuse-clipboard.c
@@ -635,8 +635,7 @@ set_selection_for_clip_data_entry (GrdRdpFuseClipboard *rdp_fuse_clipboard,
           g_warning ("[RDP.CLIPRDR] Failed to convert filename. Aborting "
                      "SelectionTransfer");
           clear_entry_selection (rdp_fuse_clipboard, entry);
-
-          g_free (fuse_file);
+          fuse_file_free (fuse_file);
 
           return FALSE;
         }
@@ -653,6 +652,16 @@ set_selection_for_clip_data_entry (GrdRdpFuseClipboard *rdp_fuse_clipboard,
 
       parent = get_parent_directory (rdp_fuse_clipboard,
                                      fuse_file->filename_with_root);
+      if (!parent)
+        {
+          g_warning ("[RDP.CLIPRDR] Failed to find parent directory. Aborting "
+                     "SelectionTransfer");
+          clear_entry_selection (rdp_fuse_clipboard, entry);
+          fuse_file_free (fuse_file);
+
+          return FALSE;
+        }
+
       parent->children = g_list_append (parent->children, fuse_file);
       fuse_file->parent = parent;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]