aboutsummaryrefslogtreecommitdiffstats
path: root/community/gvfs/CVE-2019-12448.patch
blob: 53542a3a1b8b3405d5e9242ed69fb56c8f5f1e7d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
From 5cd76d627f4d1982b6e77a0e271ef9301732d09e Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:24:36 +0200
Subject: [PATCH] admin: Add query_info_on_read/write functionality

Admin backend doesn't implement query_info_on_read/write which might
potentially lead to some race conditions which aren't really wanted
especially in case of admin backend. Let's add this missing functionality.
---
 daemon/gvfsbackendadmin.c | 79 +++++++++++++++++++++++++++++++++------
 1 file changed, 67 insertions(+), 12 deletions(-)

diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 65a979e7..23d16f16 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -42,6 +42,8 @@
 #include "gvfsjobopenforwrite.h"
 #include "gvfsjobqueryattributes.h"
 #include "gvfsjobqueryinfo.h"
+#include "gvfsjobqueryinforead.h"
+#include "gvfsjobqueryinfowrite.h"
 #include "gvfsjobread.h"
 #include "gvfsjobseekread.h"
 #include "gvfsjobseekwrite.h"
@@ -155,6 +157,19 @@ complete_job (GVfsJob *job,
   g_vfs_job_succeeded (job);
 }
 
+static void
+fix_file_info (GFileInfo *info)
+{
+  /* Override read/write flags, since the above call will use access()
+   * to determine permissions, which does not honor our privileged
+   * capabilities.
+   */
+  g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
+  g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
+  g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
+  g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+}
+
 static void
 do_query_info (GVfsBackend *backend,
                GVfsJobQueryInfo *query_info_job,
@@ -180,19 +195,57 @@ do_query_info (GVfsBackend *backend,
   if (error != NULL)
     goto out;
 
-  /* Override read/write flags, since the above call will use access()
-   * to determine permissions, which does not honor our privileged
-   * capabilities.
-   */
-  g_file_info_set_attribute_boolean (real_info,
-                                     G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
-  g_file_info_set_attribute_boolean (real_info,
-                                     G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
-  g_file_info_set_attribute_boolean (real_info,
-                                     G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
-  g_file_info_set_attribute_boolean (real_info,
-                                     G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+  fix_file_info (real_info);
+  g_file_info_copy_into (real_info, info);
+  g_object_unref (real_info);
+
+ out:
+  complete_job (job, error);
+}
+
+static void
+do_query_info_on_read (GVfsBackend *backend,
+                       GVfsJobQueryInfoRead *query_info_job,
+                       GVfsBackendHandle handle,
+                       GFileInfo *info,
+                       GFileAttributeMatcher *matcher)
+{
+  GVfsJob *job = G_VFS_JOB (query_info_job);
+  GFileInputStream *stream = handle;
+  GError *error = NULL;
+  GFileInfo *real_info;
+
+  real_info = g_file_input_stream_query_info (stream, query_info_job->attributes,
+                                              job->cancellable, &error);
+  if (error != NULL)
+    goto out;
+
+  fix_file_info (real_info);
+  g_file_info_copy_into (real_info, info);
+  g_object_unref (real_info);
+
+ out:
+  complete_job (job, error);
+}
+
+static void
+do_query_info_on_write (GVfsBackend *backend,
+                        GVfsJobQueryInfoWrite *query_info_job,
+                        GVfsBackendHandle handle,
+                        GFileInfo *info,
+                        GFileAttributeMatcher *matcher)
+{
+  GVfsJob *job = G_VFS_JOB (query_info_job);
+  GFileOutputStream *stream = handle;
+  GError *error = NULL;
+  GFileInfo *real_info;
+
+  real_info = g_file_output_stream_query_info (stream, query_info_job->attributes,
+                                               job->cancellable, &error);
+  if (error != NULL)
+    goto out;
 
+  fix_file_info (real_info);
   g_file_info_copy_into (real_info, info);
   g_object_unref (real_info);
 
@@ -868,6 +921,8 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
   backend_class->mount = do_mount;
   backend_class->open_for_read = do_open_for_read;
   backend_class->query_info = do_query_info;
+  backend_class->query_info_on_read = do_query_info_on_read;
+  backend_class->query_info_on_write = do_query_info_on_write;
   backend_class->read = do_read;
   backend_class->create = do_create;
   backend_class->append_to = do_append_to;
-- 
2.21.0