Fix crash when copying an invalid file

(cherry picked from commit 5e341e42bf65e6c08604408894cf9748cc3cd7e1)
2024-05-20 14:10:50 +08:00 · 2024-05-20 14:10:50 +08:00 · 312b3b4bb5
commit 312b3b4bb5
parent 53e7b69d0f
2 changed files with 59 additions and 2 deletions
--- a/CVE-2022-37290.patch
+++ b/CVE-2022-37290.patch
@ -0,0 +1,54 @@
+From 7143f209badc0f63acf34f0061f6f94564c3e2df Mon Sep 17 00:00:00 2001
+From: technology208 <technology@208suo.com>
+Date: Mon, 20 May 2024 14:08:03 +0800
+Subject: [PATCH] CreatePatch
+
+---
+ src/nautilus-dbus-manager.c    | 6 ++++++
+ src/nautilus-file-operations.c | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/src/nautilus-dbus-manager.c b/src/nautilus-dbus-manager.c
+index 6736205..361869a 100644
+--- a/src/nautilus-dbus-manager.c
+++ b/src/nautilus-dbus-manager.c
+@@ -187,6 +187,12 @@ handle_create_folder (NautilusDBusFileOperations *object,
+     file = g_file_new_for_uri (uri);
+     basename = g_file_get_basename (file);
+     parent_file = g_file_get_parent (file);
+   if (parent_file == NULL || basename == NULL)
+    {
+       g_dbus_method_invocation_return_error (invocation, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "Invalid uri: %s", uri);
+       return TRUE;
+   }
+
+     parent_file_uri = g_file_get_uri (parent_file);
+ 
+     handle_create_folder_internal (parent_file_uri, basename, NULL);
+diff --git a/src/nautilus-file-operations.c b/src/nautilus-file-operations.c
+index 3adf3b5..61d9532 100644
+--- a/src/nautilus-file-operations.c
+++ b/src/nautilus-file-operations.c
+@@ -990,6 +990,11 @@ get_basename (GFile *file)
+     if (name == NULL)
+     {
+         basename = g_file_get_basename (file);
+       if (basename == NULL)
+       {
+           return g_strdup (_("unknown"));
+       }
+
+         if (g_utf8_validate (basename, -1, NULL))
+         {
+             name = basename;
+@@ -4289,6 +4294,7 @@ get_unique_target_file (GFile      *src,
+     if (dest == NULL)
+     {
+         basename = g_file_get_basename (src);
+        g_assert (basename == NULL);
+ 
+         if (g_utf8_validate (basename, -1, NULL))
+         {
+-- 
+2.33.0
+
--- a/nautilus.spec
+++ b/nautilus.spec
@ -1,13 +1,13 @@
 Name:             nautilus
 Version:          3.38.2
-Release:          1
+Release:          2
 Summary:          Default file manager for GNOME
 License:          GPLv3+ and LGPLv2+
 URL:              https://wiki.gnome.org/Apps/Nautilus
 Source0:          https://download.gnome.org/sources/%{name}/3.38/%{name}-%{version}.tar.xz

 Patch0: 0001-mime-actions-Group-files-depending-on-the-opening-ap.patch
-
+Patch1:          CVE-2022-37290.patch
 BuildRequires:   desktop-file-utils gcc gettext gtk-doc meson libgexiv2-devel glib2-devel gnome-autoar-devel gnome-desktop3-devel
 BuildRequires:   gobject-introspection-devel gsettings-desktop-schemas-devel gtk3-devel libseccomp-devel libselinux-devel libxslt
 BuildRequires:   libxml2-devel tracker3-devel libX11-devel /usr/bin/appstream-util pkgconfig(gstreamer-pbutils-1.0) pkgconfig(gstreamer-tag-1.0)
@ -82,6 +82,9 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/*.desktop
 %{_datadir}/metainfo/*

 %changelog
+* Mon May 20 2024 technology208 <technology@208suo.com>  - 3.38.2-2
+  Fix crash when copying an invalid file
+
 * Mon Jun 7 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 3.38.2-1
 - Upgrade to 3.38.2
 - Add a patch that can launch default uri handlers when activating files