From 91f88dd204b43f63be1926bf3b6eb0f681ee9d61 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Mon, 12 Nov 2018 19:18:07 -0500 Subject: [PATCH 1/2] Don't allow empty remote names Prevent remotes from having empty names. This can only lead to confusion and unnecessary complications. --- common/flatpak-remote.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common/flatpak-remote.c b/common/flatpak-remote.c index 9342c505..f8a594a3 100644 --- a/common/flatpak-remote.c +++ b/common/flatpak-remote.c @@ -818,7 +818,8 @@ flatpak_remote_commit (FlatpakRemote *self, g_autoptr(GKeyFile) config = NULL; g_autofree char *group = g_strdup_printf ("remote \"%s\"", priv->name); - if (!g_key_file_is_group_name (group)) + if (priv->name[0] == '\0' || + !g_key_file_is_group_name (group)) return flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _("Bad remote name: %s"), priv->name); url = flatpak_remote_get_url (self); From 54f38284f6239af7b44e3ac1197cde59667111d8 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Mon, 12 Nov 2018 19:25:34 -0500 Subject: [PATCH 2/2] Validate custom installation IDs We want to avoid unnecessary confusion and complications, so we rule out IDs that are problematic because they will clash with the default installations. At the same time, make the error messages for parsing custom installations more informative. --- common/flatpak-dir.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 6bbe3403..083191ab 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -725,6 +725,18 @@ append_new_system_location (GPtrArray *locations, g_ptr_array_add (locations, location); } +static gboolean +is_good_installation_id (const char *id) +{ + if (strcmp (id, "") == 0 || + strcmp (id, "user") == 0 || + strcmp (id, "default") == 0 || + strcmp (id, "system") == 0) + return FALSE; + + return TRUE; +} + static gboolean append_locations_from_config_file (GPtrArray *locations, const char *file_path, @@ -742,7 +754,7 @@ append_locations_from_config_file (GPtrArray *locations, if (!g_key_file_load_from_file (keyfile, file_path, G_KEY_FILE_NONE, &my_error)) { - g_debug ("Could not get list of system installations: %s", my_error->message); + g_debug ("Could not get list of system installations from '%s': %s", file_path, my_error->message); g_propagate_error (error, g_steal_pointer (&my_error)); goto out; } @@ -765,7 +777,7 @@ append_locations_from_config_file (GPtrArray *locations, id = g_strdup (&groups[i][14]); if (!g_str_has_suffix (id, "\"")) { - g_warning ("Installation without closing quote (%s). Ignoring", groups[i]); + g_warning ("While reading '%s': Installation without closing quote (%s). Ignoring", file_path, groups[i]); continue; } @@ -773,16 +785,22 @@ append_locations_from_config_file (GPtrArray *locations, if (len > 0) id[len - 1] = '\0'; + if (!is_good_installation_id (id)) + { + g_warning ("While reading '%s': Bad installation ID '%s'. Ignoring", file_path, id); + continue; + } + if (has_system_location (locations, id)) { - g_warning ("Found duplicate flatpak installation (Id: %s). Ignoring", id); + g_warning ("While reading '%s': Duplicate installation ID '%s'. Ignoring", file_path, id); continue; } path = g_key_file_get_string (keyfile, groups[i], "Path", &my_error); if (path == NULL) { - g_debug ("Unable to get path for installation '%s': %s", id, my_error->message); + g_debug ("While reading '%s': Unable to get path for installation '%s': %s", file_path, id, my_error->message); g_propagate_error (error, g_steal_pointer (&my_error)); goto out; }