From 8049535ffefc177ca645e049dd29d7d4164c42e7 Mon Sep 17 00:00:00 2001 From: Sergio Gelato Date: Wed, 8 Jul 2020 12:43:55 +0100 Subject: [PATCH] glocalfileinfo: Handle arbitrary binary data in extended attribute values It's safe to assume an escaped string doesn't contain embedded null bytes, but raw memory buffers (as returned by getxattr()) require more care. If the length of the data to be escaped is known, use that knowledge instead of invoking strlen(). (Turned into a git-format patch by Philip Withnall. One minor formatting tweak. Original patch submitted on the Debian bug tracker, bug#962912.) Fixes: #422 --- gio/glocalfileinfo.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/gio/glocalfileinfo.c b/gio/glocalfileinfo.c index db10f342d..6cac187fd 100644 --- a/gio/glocalfileinfo.c +++ b/gio/glocalfileinfo.c @@ -305,17 +305,15 @@ name_is_valid (const char *str) } static char * -hex_escape_string (const char *str, +hex_escape_buffer (const char *str, + size_t len, gboolean *free_return) { - int num_invalid, i; + size_t num_invalid, i; char *escaped_str, *p; unsigned char c; static char *hex_digits = "0123456789abcdef"; - int len; - len = strlen (str); - num_invalid = 0; for (i = 0; i < len; i++) { @@ -351,6 +349,13 @@ hex_escape_string (const char *str, return escaped_str; } +static char * +hex_escape_string (const char *str, + gboolean *free_return) +{ + return hex_escape_buffer (str, strlen (str), free_return); +} + static char * hex_unescape_string (const char *str, int *out_len, @@ -406,7 +411,7 @@ escape_xattr (GFileInfo *info, char *escaped_val; gboolean free_escaped_val; - escaped_val = hex_escape_string (value, &free_escaped_val); + escaped_val = hex_escape_buffer (value, len, &free_escaped_val); g_file_info_set_attribute_string (info, gio_attr, escaped_val);