From 5562c921e8c5f1907de0ee501b341bd830f9e449 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 7 Dec 2020 18:44:32 +0000
Subject: [PATCH] portal: Raise an error if fds are out of range

Previously, we'd silently ignore remapped or sandbox-exposed fds that were not included with the D-Bus message, which seems unlikely to work as intended.

Signed-off-by: Simon McVittie
---
 portal/flatpak-portal.c | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/portal/flatpak-portal.c b/portal/flatpak-portal.c
index 21a5b156..df08849a 100644
--- a/portal/flatpak-portal.c
+++ b/portal/flatpak-portal.c
@@ -918,8 +918,16 @@ handle_spawn (PortalFlatpak *object,
 int handle_fd;

 g_variant_get_child (arg_fds, i, "{uh}", &dest_fd, &handle);
+
 if (handle >= fds_len)
- continue;
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_INVALID_ARGS,
+ "No file descriptor for handle %d",
+ handle);
+ return G_DBUS_METHOD_INVOCATION_HANDLED;
+ }
+
 handle_fd = fds[handle];

 fd_map[i].to = dest_fd;
@@ -1123,7 +1131,7 @@ handle_spawn (PortalFlatpak *object,
 g_debug ("exposing %s", expose);
 }

- if (fds && sandbox_expose_fd != NULL)
+ if (sandbox_expose_fd != NULL)
 {
 gsize len = g_variant_n_children (sandbox_expose_fd);
 for (i = 0; i < len; i++)
@@ -1140,10 +1148,18 @@ handle_spawn (PortalFlatpak *object,
 if (path)
 g_ptr_array_add (flatpak_argv, filesystem_arg (path, !writable));
 }
+ else
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_INVALID_ARGS,
+ "No file descriptor for handle %d",
+ handle);
+ return G_DBUS_METHOD_INVOCATION_HANDLED;
+ }
 }
 }

- if (fds && sandbox_expose_fd_ro != NULL)
+ if (sandbox_expose_fd_ro != NULL)
 {
 gsize len = g_variant_n_children (sandbox_expose_fd_ro);
 for (i = 0; i < len; i++)
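Review bot: A negative handle still reaches `handle_fd = fds[handle];`, because the new error path at `if (handle >= fds_len)` rejects only values at or above the list length. The `h` in the `"{uh}"` format string and the `%d` in the message suggest handle is a signed 32-bit value, though its declaration is outside this hunk; if so, the guard should read `if (handle < 0 || handle >= fds_len)`. The value comes straight from the D-Bus caller, so the index needs to be bounded on both sides before it is used.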
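Review bot: Dropping `fds &&` from `if (sandbox_expose_fd != NULL)` means this loop now runs even when no fd list came with the message, so the range test inside the loop (outside this hunk) is the only thing between a caller-supplied handle and a NULL `fds`. That is safe only if fds_len is guaranteed to be 0 whenever fds is NULL, which is not visible here. A comment above the condition would record the invariant: `/* fds may be NULL; fds_len is then 0, so every handle is rejected below */`. The same applies to the `sandbox_expose_fd_ro` condition changed at the end of the next hunk.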
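Review bot: An in-range handle whose path cannot be resolved is still skipped without any report, because `if (path)` just above the new `else` has no failure branch and the request proceeds with that path simply not exposed. That fails closed, but it is the same silent-ignore behaviour the commit message sets out to remove; at minimum log it, e.g. `else g_debug ("no path for sandbox-exposed handle %d, ignoring", handle);`. The read-only loop in the last hunk has the same shape. The `if` that the new `else` pairs with starts outside this hunk.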
@@ -1160,6 +1176,14 @@ handle_spawn (PortalFlatpak *object,
 if (path)
 g_ptr_array_add (flatpak_argv, filesystem_arg (path, TRUE));
 }
+ else
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+ G_DBUS_ERROR_INVALID_ARGS,
+ "No file descriptor for handle %d",
+ handle);
+ return G_DBUS_METHOD_INVOCATION_HANDLED;
+ }
 }
 }
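Review bot: The error text in this `else` branch is the same string used for the fd map and for the read-write expose list, so a caller that receives INVALID_ARGS cannot tell which argument carried the bad handle. Naming the source in each message would make the failure diagnosable, for example `"No file descriptor for read-only exposed handle %d"` here. The enclosing loop and the `if` this `else` belongs to start outside the hunk.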