dir: Refuse to export .desktop files with suspicious uses of @@ tokens

This is either a malicious/compromised app trying to do an attack, or a mistake that will break handling of %f, %u and so on. Either way, if we refuse to export the .desktop file, resulting in installation failing, then it makes the rejection more obvious than quietly removing the magic tokens. Signed-off-by: Simon McVittie <smcv@collabora.com> (cherry picked from commit 46b3ede)
flatpak · Mar 10, 2021 · a7401e6 · a7401e6
1 parent eb7946b
commit a7401e6
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
@@ -7140,7 +7140,11 @@ export_desktop_file (const char         *app,
               else if (strcasecmp (arg, "%u") == 0)
                 g_string_append_printf (new_exec, " @@u %s @@", arg);
               else if (g_str_has_prefix (arg, "@@"))
-                g_print (_("Skipping invalid Exec argument %s\n"), arg);
+                {
+                  flatpak_fail_error (error, FLATPAK_ERROR_EXPORT_FAILED,
+                                     _("Invalid Exec argument %s"), arg);
+                  goto out;
+                }
               else
                 g_string_append_printf (new_exec, " %s", arg);
             }