| From a69dfb421fa9831aea5f2f90aec831a6a01d06e1 Mon Sep 17 00:00:00 2001 |
| From: Zong-Cing Lin <zclin@google.com> |
| Date: Tue, 25 Jan 2022 11:16:01 +0800 |
| Subject: [PATCH 1/2] backport "gfile: Limit access to files when copying" |
| |
| https://gitlab.gnome.org/GNOME/glib/-/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174 |
| |
| It's for CVE-2019-12450 |
| |
| Bug: 215543804 |
| Test: generate new glib so and verify functionalities on Qv1 |
| |
| diff --git a/gio/gfile.c b/gio/gfile.c |
| index b64a97d35..5a5604a6c 100644 |
| --- a/gio/gfile.c |
| +++ b/gio/gfile.c |
| @@ -3113,12 +3113,12 @@ file_copy_fallback (GFile *source, |
| out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), |
| FALSE, NULL, |
| flags & G_FILE_COPY_BACKUP, |
| - G_FILE_CREATE_REPLACE_DESTINATION, |
| - info, |
| + G_FILE_CREATE_REPLACE_DESTINATION | |
| + G_FILE_CREATE_PRIVATE, info, |
| cancellable, error); |
| else |
| out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), |
| - FALSE, 0, info, |
| + FALSE, G_FILE_CREATE_PRIVATE, info, |
| cancellable, error); |
| } |
| else if (flags & G_FILE_COPY_OVERWRITE) |
| @@ -3126,12 +3126,13 @@ file_copy_fallback (GFile *source, |
| out = (GOutputStream *)g_file_replace (destination, |
| NULL, |
| flags & G_FILE_COPY_BACKUP, |
| - G_FILE_CREATE_REPLACE_DESTINATION, |
| + G_FILE_CREATE_REPLACE_DESTINATION | |
| + G_FILE_CREATE_PRIVATE, |
| cancellable, error); |
| } |
| else |
| { |
| - out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); |
| + out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); |
| } |
| |
| if (!out) |
| -- |
| 2.35.0.rc0.227.g00780c9af4-goog |
| |