Accepting request 1105876 from M17N

OBS-URL: https://build.opensuse.org/request/show/1105876 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fcitx?expand=0&rev=69
2023-08-30 08:17:58 +00:00 · 2023-08-30 08:17:58 +00:00 · 50d279147c
commit 50d279147c
parent 60a7d51031 c887cb7887
3 changed files with 121 additions and 1 deletions
--- a/fcitx.changes
+++ b/fcitx.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Aug 24 09:38:18 UTC 2023 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- add remote-module-use-safe-directory-for-socket-API-sock.patch: use a safe
+  directory for the fcitx-socket:%d API socket currently placed in /tmp. This
+  avoids a possible local denial of service issue (bsc#1213331).
+
 -------------------------------------------------------------------
 Wed Aug 17 20:03:29 UTC 2022 - Dirk Müller <dmueller@suse.com>

--- a/fcitx.spec
+++ b/fcitx.spec
@ -1,7 +1,7 @@
 #
 # spec file for package fcitx
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -40,6 +40,7 @@ Source100:      https://download.fcitx-im.org/fcitx/%{name}-%{version}_dict.tar.
 Patch2:         fcitx-autostart-check-INPUT_METHOD.patch
 # PATCH-FIX-OPENSUSE downgrade cmake requirement to 3.1 again
 Patch3:         fcitx-cmake-3.1.patch
+Patch4:         remote-module-use-safe-directory-for-socket-API-sock.patch
 BuildRequires:  cairo-devel
 BuildRequires:  cmake
 BuildRequires:  dbus-1-devel
@ -337,6 +338,7 @@ You can either use this package for download from kde-look.org using knewstaff i
 %setup -q
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1

 %build
 mkdir build
--- a/remote-module-use-safe-directory-for-socket-API-sock.patch
+++ b/remote-module-use-safe-directory-for-socket-API-sock.patch
@ -0,0 +1,111 @@
+From 27208dc130124d650c94c3579bd7eea072f90d3b Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Thu, 24 Aug 2023 11:12:25 +0200
+Subject: [PATCH] remote module: use safe directory for socket API socket
+
+Placing this into /tmp opens a local DoS attack vector, allowing other
+uses to pre-create this path and thereby making it impossible for fctx
+to start.
+
+Use a safe directory in $XDG_RUNTIME_DIR or $HOME, instead.
+---
+ src/module/remote/remote.c |  7 +++++--
+ src/module/remote/remote.h | 31 +++++++++++++++++++++++++++++++
+ tools/cli/fcitx-remote.c   |  4 ++--
+ 3 files changed, 38 insertions(+), 4 deletions(-)
+ create mode 100644 src/module/remote/remote.h
+
+diff --git a/src/module/remote/remote.c b/src/module/remote/remote.c
+index eda44972..486b405b 100644
+--- a/src/module/remote/remote.c
+++ b/src/module/remote/remote.c
+@@ -36,6 +36,7 @@
+ #include "fcitx/frontend.h"
+ #include "fcitx/instance.h"
+ #include "fcitx-utils/utils.h"
+#include "module/remote/remote.h"
+ 
+ #define MAX_IMNAME_LEN 30
+ 
+@@ -63,8 +64,10 @@ void* RemoteCreate(FcitxInstance* instance)
+     FcitxRemote* remote = fcitx_utils_malloc0(sizeof(FcitxRemote));
+     remote->owner = instance;
+ 
+-    char *socketfile;
+-    asprintf(&socketfile, "/tmp/fcitx-socket-:%d", fcitx_utils_get_display_number());
+    const char *socketfile = GetRemoteSocketPath(fcitx_utils_get_display_number());
+    if (!socketfile)
+        return NULL;
+
+     remote->socket_fd = CreateSocket(socketfile);
+     if (remote->socket_fd < 0) {
+         FcitxLog(ERROR, _("Can't open socket %s: %s"), socketfile, strerror(errno));
+diff --git a/src/module/remote/remote.h b/src/module/remote/remote.h
+new file mode 100644
+index 00000000..ee52c980
+--- /dev/null
+++ b/src/module/remote/remote.h
+@@ -0,0 +1,31 @@
+#include <stdlib.h>
+
+// returns a safe path name for a socket to use in the remote module and
+// remote utility.
+// if no safe directory can be determined this returns NULL and no remote
+// socket must be setup
+// otherwise a malloc'd string is returned that needs to be free()'d by the
+// caller when it isn't needed any longer.
+static inline const char* GetRemoteSocketPath(int display_nr)
+{
+    const char *hidden = "";
+    const char *dir = getenv("XDG_RUNTIME_DIR");
+    if (!dir) {
+        dir = getenv("HOME");
+        // if it is placed in the home directory then add a "." prefix to the
+        // basename to make it hidden
+        hidden = ".";
+    }
+    if (!dir) {
+        // no safe directory found
+        return NULL;
+    }
+
+    char *path = NULL;
+
+    if (asprintf(&path, "%s/%sfcitx-socket-:%d", dir, hidden, fcitx_utils_get_display_number()) < 0)
+        // formatting error
+        return NULL;
+
+    return path;
+}
+diff --git a/tools/cli/fcitx-remote.c b/tools/cli/fcitx-remote.c
+index 5e06ea76..80677100 100644
+--- a/tools/cli/fcitx-remote.c
+++ b/tools/cli/fcitx-remote.c
+@@ -36,6 +36,7 @@
+ #include <limits.h>
+ #include "fcitx/frontend.h"
+ #include "fcitx-utils/utils.h"
+#include "module/remote/remote.h"
+ 
+ int create_socket(const char *name)
+ {
+@@ -82,7 +83,6 @@ void usage(FILE* fp)
+ 
+ int main(int argc, char *argv[])
+ {
+-    char *socketfile = NULL;
+     int socket_fd;
+ 
+     int o = 0;
+@@ -124,7 +124,7 @@ int main(int argc, char *argv[])
+         }
+     }
+ 
+-    asprintf(&socketfile, "/tmp/fcitx-socket-:%d", fcitx_utils_get_display_number());
+    const char *socketfile = GetRemoteSocketPath(fcitx_utils_get_display_number());
+ 
+     socket_fd = create_socket(socketfile);
+ 
+-- 
+2.41.0
+