icon-validator, portal: Guard against overlong symlink targets

If the buffer is too small, readlink() returns the number of bytes that would have been stored if the buffer had been large enough. Signed-off-by: Simon McVittie <smcv@collabora.com> Closes: #2873 Approved by: matthiasclasen (cherry picked from commit 89dc344ccb) Closes: #3115 Approved by: alexlarsson
2026-04-03 23:04:49 -04:00 · 2019-04-30 18:25:50 +01:00
parent 10772b0786
commit 32f5756127
2 changed files with 2 additions and 2 deletions
--- a/icon-validator/validate-icon.c
+++ b/icon-validator/validate-icon.c
@@ -136,7 +136,7 @@ rerun_in_sandbox (const char *arg_width,
  ssize_t symlink_size;

  symlink_size = readlink ("/proc/self/exe", validate_icon, sizeof (validate_icon) - 1);
-  if (symlink_size < 0)
+  if (symlink_size < 0 || (size_t) symlink_size >= sizeof (validate_icon))
    {
      g_printerr ("Error: failed to read /proc/self/exe\n");
      return 1;
--- a/portal/flatpak-portal.c
+++ b/portal/flatpak-portal.c
@@ -907,7 +907,7 @@ main (int    argc,
    }

  exe_path_len = readlink ("/proc/self/exe", exe_path, sizeof (exe_path) - 1);
-  if (exe_path_len > 0)
+  if (exe_path_len > 0 && (size_t) exe_path_len < sizeof (exe_path))
    {
      exe_path[exe_path_len] = 0;
      GFileMonitor *monitor;