diff --git a/debian/changelog b/debian/changelog index a74a9a3ad47b3172aa02563c92dae5def39f5b22..a36d4118e8afde2bcac82a6025c716c170515ef8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +nautilus (1:3.36.1.1-ok4) yangtze; urgency=medium + + * cao_xingyu CVE-2022-37290 安全更新 Fix crash when copying an invaild file. + + -- caoxingyu Thu, 18 Jan 2024 23:59:25 +0800 + nautilus (1:3.36.1.1-ok3) yangtze; urgency=medium * update version info diff --git a/src/nautilus-dbus-manager.c b/src/nautilus-dbus-manager.c index 294b74ebaa4559ba0d4cf2c193ade0e785cc39b6..5a8710b49271d4d2f1bf40f9196dd715447a0e14 100644 --- a/src/nautilus-dbus-manager.c +++ b/src/nautilus-dbus-manager.c @@ -126,6 +126,11 @@ handle_create_folder (NautilusDBusFileOperations *object, file = g_file_new_for_uri (uri); basename = g_file_get_basename (file); parent_file = g_file_get_parent (file); + if (parent_file == NULL || basename == NULL) + { + g_dbus_method_invocation_return_error (invocation, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT, "Invalid uri: %s", uri); + return TRUE; + } parent_file_uri = g_file_get_uri (parent_file); g_application_hold (g_application_get_default ()); diff --git a/src/nautilus-file-operations.c b/src/nautilus-file-operations.c index 20a320d82004af4a6ce9c6d876899baba382751e..604948fcf443093249cf33987e3683fd022d6f0f 100644 --- a/src/nautilus-file-operations.c +++ b/src/nautilus-file-operations.c @@ -987,6 +987,11 @@ get_basename (GFile *file) if (name == NULL) { basename = g_file_get_basename (file); + if (basename == NULL) + { + return g_strdup (_("unknown")); + } + if (g_utf8_validate (basename, -1, NULL)) { name = basename; @@ -4192,6 +4197,7 @@ get_unique_target_file (GFile *src, if (dest == NULL) { basename = g_file_get_basename (src); + g_assert (basename == NULL); if (g_utf8_validate (basename, -1, NULL)) {