remote: Be robust against bad names

If we use a remote name containing questionable characters such as newlines or '[', we will run into assertions in GKeyFile. To avoid that, check that the group name we pass is valid, and throw an error otherwise. Found while writing tests. Closes: #2244 Approved by: alexlarsson Closes: #2247 Approved by: alexlarsson
2026-04-08 09:01:02 -04:00 · 2018-10-12 21:11:58 -04:00
parent 847902c303
commit cc5dd79b09
1 changed files with 22 additions and 0 deletions
--- a/common/flatpak-remote.c
+++ b/common/flatpak-remote.c
@@ -786,6 +786,25 @@ flatpak_remote_new (const char *name)
  return flatpak_remote_new_with_dir (name, NULL);
 }

+/* copied from GLib */
+static gboolean
+g_key_file_is_group_name (const gchar *name)
+{
+  gchar *p, *q;
+
+  if (name == NULL)
+    return FALSE;
+
+  p = q = (gchar *) name;
+  while (*q && *q != ']' && *q != '[' && !g_ascii_iscntrl (*q))
+    q = g_utf8_find_next_char (q, NULL);
+
+  if (*q != '\0' || q == p)
+    return FALSE;
+
+  return TRUE;
+}
+
 gboolean
 flatpak_remote_commit (FlatpakRemote *self,
                       FlatpakDir    *dir,
@@ -799,6 +818,9 @@ flatpak_remote_commit (FlatpakRemote *self,
  g_autoptr(GKeyFile) config = NULL;
  g_autofree char *group = g_strdup_printf ("remote \"%s\"", priv->name);

+  if (!g_key_file_is_group_name (group))
+    return flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _("Bad remote name: %s"), priv->name);
+    
  url = flatpak_remote_get_url (self);
  if (url == NULL || *url == 0)
    return flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _("No url specified"));