From c887cb7887e1330bdb4ca83ec115f742e5022c940f1515985d0a480f06f8d4f2 Mon Sep 17 00:00:00 2001 From: Marguerite Su Date: Thu, 24 Aug 2023 15:17:27 +0000 Subject: [PATCH] Accepting request 1105583 from home:mgerstner:branches:M17N - add remote-module-use-safe-directory-for-socket-API-sock.patch: use a safe directory for the fcitx-socket:%d API socket currently placed in /tmp. This avoids a possible local denial of service issue (bsc#1213331). OBS-URL: https://build.opensuse.org/request/show/1105583 OBS-URL: https://build.opensuse.org/package/show/M17N/fcitx?expand=0&rev=172 --- fcitx.changes | 7 ++ fcitx.spec | 4 +- ...e-safe-directory-for-socket-API-sock.patch | 111 ++++++++++++++++++ 3 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 remote-module-use-safe-directory-for-socket-API-sock.patch diff --git a/fcitx.changes b/fcitx.changes index ea2486a..e0d4967 100644 --- a/fcitx.changes +++ b/fcitx.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Aug 24 09:38:18 UTC 2023 - Matthias Gerstner + +- add remote-module-use-safe-directory-for-socket-API-sock.patch: use a safe + directory for the fcitx-socket:%d API socket currently placed in /tmp. This + avoids a possible local denial of service issue (bsc#1213331). + ------------------------------------------------------------------- Wed Aug 17 20:03:29 UTC 2022 - Dirk Müller diff --git a/fcitx.spec b/fcitx.spec index 12df378..d6fdcaf 100644 --- a/fcitx.spec +++ b/fcitx.spec @@ -1,7 +1,7 @@ # # spec file for package fcitx # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -40,6 +40,7 @@ Source100: https://download.fcitx-im.org/fcitx/%{name}-%{version}_dict.tar. Patch2: fcitx-autostart-check-INPUT_METHOD.patch # PATCH-FIX-OPENSUSE downgrade cmake requirement to 3.1 again Patch3: fcitx-cmake-3.1.patch +Patch4: remote-module-use-safe-directory-for-socket-API-sock.patch BuildRequires: cairo-devel BuildRequires: cmake BuildRequires: dbus-1-devel @@ -337,6 +338,7 @@ You can either use this package for download from kde-look.org using knewstaff i %setup -q %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build mkdir build diff --git a/remote-module-use-safe-directory-for-socket-API-sock.patch b/remote-module-use-safe-directory-for-socket-API-sock.patch new file mode 100644 index 0000000..a2dc76d --- /dev/null +++ b/remote-module-use-safe-directory-for-socket-API-sock.patch @@ -0,0 +1,111 @@ +From 27208dc130124d650c94c3579bd7eea072f90d3b Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner +Date: Thu, 24 Aug 2023 11:12:25 +0200 +Subject: [PATCH] remote module: use safe directory for socket API socket + +Placing this into /tmp opens a local DoS attack vector, allowing other +uses to pre-create this path and thereby making it impossible for fctx +to start. + +Use a safe directory in $XDG_RUNTIME_DIR or $HOME, instead. +--- + src/module/remote/remote.c | 7 +++++-- + src/module/remote/remote.h | 31 +++++++++++++++++++++++++++++++ + tools/cli/fcitx-remote.c | 4 ++-- + 3 files changed, 38 insertions(+), 4 deletions(-) + create mode 100644 src/module/remote/remote.h + +diff --git a/src/module/remote/remote.c b/src/module/remote/remote.c +index eda44972..486b405b 100644 +--- a/src/module/remote/remote.c ++++ b/src/module/remote/remote.c +@@ -36,6 +36,7 @@ + #include "fcitx/frontend.h" + #include "fcitx/instance.h" + #include "fcitx-utils/utils.h" ++#include "module/remote/remote.h" + + #define MAX_IMNAME_LEN 30 + +@@ -63,8 +64,10 @@ void* RemoteCreate(FcitxInstance* instance) + FcitxRemote* remote = fcitx_utils_malloc0(sizeof(FcitxRemote)); + remote->owner = instance; + +- char *socketfile; +- asprintf(&socketfile, "/tmp/fcitx-socket-:%d", fcitx_utils_get_display_number()); ++ const char *socketfile = GetRemoteSocketPath(fcitx_utils_get_display_number()); ++ if (!socketfile) ++ return NULL; ++ + remote->socket_fd = CreateSocket(socketfile); + if (remote->socket_fd < 0) { + FcitxLog(ERROR, _("Can't open socket %s: %s"), socketfile, strerror(errno)); +diff --git a/src/module/remote/remote.h b/src/module/remote/remote.h +new file mode 100644 +index 00000000..ee52c980 +--- /dev/null ++++ b/src/module/remote/remote.h +@@ -0,0 +1,31 @@ ++#include ++ ++// returns a safe path name for a socket to use in the remote module and ++// remote utility. ++// if no safe directory can be determined this returns NULL and no remote ++// socket must be setup ++// otherwise a malloc'd string is returned that needs to be free()'d by the ++// caller when it isn't needed any longer. ++static inline const char* GetRemoteSocketPath(int display_nr) ++{ ++ const char *hidden = ""; ++ const char *dir = getenv("XDG_RUNTIME_DIR"); ++ if (!dir) { ++ dir = getenv("HOME"); ++ // if it is placed in the home directory then add a "." prefix to the ++ // basename to make it hidden ++ hidden = "."; ++ } ++ if (!dir) { ++ // no safe directory found ++ return NULL; ++ } ++ ++ char *path = NULL; ++ ++ if (asprintf(&path, "%s/%sfcitx-socket-:%d", dir, hidden, fcitx_utils_get_display_number()) < 0) ++ // formatting error ++ return NULL; ++ ++ return path; ++} +diff --git a/tools/cli/fcitx-remote.c b/tools/cli/fcitx-remote.c +index 5e06ea76..80677100 100644 +--- a/tools/cli/fcitx-remote.c ++++ b/tools/cli/fcitx-remote.c +@@ -36,6 +36,7 @@ + #include + #include "fcitx/frontend.h" + #include "fcitx-utils/utils.h" ++#include "module/remote/remote.h" + + int create_socket(const char *name) + { +@@ -82,7 +83,6 @@ void usage(FILE* fp) + + int main(int argc, char *argv[]) + { +- char *socketfile = NULL; + int socket_fd; + + int o = 0; +@@ -124,7 +124,7 @@ int main(int argc, char *argv[]) + } + } + +- asprintf(&socketfile, "/tmp/fcitx-socket-:%d", fcitx_utils_get_display_number()); ++ const char *socketfile = GetRemoteSocketPath(fcitx_utils_get_display_number()); + + socket_fd = create_socket(socketfile); + +-- +2.41.0 +