87e19535fe
The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking the destination file and re-creating it from scratch. That did previously work, but in the process the code would call `open(O_CREAT)` on the file. If the file was a dangling symlink, this would create the destination file (empty). That’s not an intended side-effect, and has security implications if the symlink is controlled by a lower-privileged process. Fix that by not opening the destination file if it’s a symlink, and adjusting the rest of the code to cope with - the fact that `fd == -1` is not an error iff `is_symlink` is true, - and that `original_stat` will contain the `lstat()` results for the symlink now, rather than the `stat()` results for its target (again, iff `is_symlink` is true). This means that the target of the dangling symlink is no longer created, which was the bug. The symlink itself continues to be replaced (as before) with the new file — this is the intended behaviour of `g_file_replace()`. The behaviour for non-symlink cases, or cases where the symlink was not dangling, should be unchanged. Includes a unit test. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Fixes: #2325 |
||
|---|---|---|
| .gitlab-ci | ||
| docs | ||
| fuzzing | ||
| gio | ||
| glib | ||
| gmodule | ||
| gobject | ||
| gthread | ||
| m4macros | ||
| po | ||
| subprojects | ||
| tests | ||
| .clang-format | ||
| .dir-locals.el | ||
| .gitattributes | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| AUTHORS | ||
| check-abis.sh | ||
| clang-format-diff.py | ||
| CONTRIBUTING.md | ||
| COPYING | ||
| glib-gettextize.in | ||
| glib.doap | ||
| glib.supp | ||
| HACKING | ||
| INSTALL.in | ||
| meson_options.txt | ||
| meson.build | ||
| msvc_recommended_pragmas.h | ||
| NEWS | ||
| NEWS.pre-1-3 | ||
| README | ||
| README.md | ||
| README.rationale | ||
| README.win32 | ||
| README.win32.md | ||
| template-tap.test.in | ||
| template.test.in | ||
GLib
GLib is the low-level core library that forms the basis for projects such as GTK and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.
The official download locations are: https://download.gnome.org/sources/glib
The official web site is: https://www.gtk.org/
Installation
See the file 'INSTALL.in'
How to report bugs
Bugs should be reported to the GNOME issue tracking system. (https://gitlab.gnome.org/GNOME/glib/issues/new). You will need to create an account for yourself.
In the bug report please include:
- Information about your system. For instance:
- What operating system and version
- For Linux, what version of the C library
- And anything else you think is relevant.
- How to reproduce the bug.
- If you can reproduce it with one of the test programs that are built in the tests/ subdirectory, that will be most convenient. Otherwise, please include a short test program that exhibits the behavior. As a last resort, you can also provide a pointer to a larger piece of software that can be downloaded.
- If the bug was a crash, the exact text that was printed out when the crash occurred.
- Further information such as stack traces may be useful, but is not necessary.
Patches
Patches should also be submitted as merge requests to gitlab.gnome.org. If the patch fixes an existing issue, please refer to the issue in your commit message with the following notation (for issue 123): Closes: #123
Otherwise, create a new merge request that introduces the change, filing a separate issue is not required.