Applied-Software/ghostty
5
0
Fork 0
mirror of https://github.com/ghostty-org/ghostty.git synced 2025-07-16 00:36:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

terminal/kitty-gfx: add file loading safety checks from Kitty

Browse Source
This commit is contained in:
Mitchell Hashimoto
2023-08-23 11:52:31 -07:00
parent 7c6bbae6a6
commit 91a4be4ca1
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/terminal/kitty/graphics_image.zig
View File

@ -123,6 +123,16 @@ pub const LoadingImage = struct {
else => @compileError("readFile only supports file and temporary_file"), else => @compileError("readFile only supports file and temporary_file"),
} }
// Verify file seems "safe". This is logic copied directly from Kitty,
// mostly. This is really rough but it will catch obvious bad actors.
if (std.mem.startsWith(u8, path, "/proc/") or
std.mem.startsWith(u8, path, "/sys/") or
(std.mem.startsWith(u8, path, "/dev/") and
!std.mem.startsWith(u8, path, "/dev/shm/")))
{
return error.InvalidData;
}
// Temporary file logic // Temporary file logic
if (medium == .temporary_file) { if (medium == .temporary_file) {
if (!isPathInTempDir(path)) return error.TemporaryFileNotInTempDir; if (!isPathInTempDir(path)) return error.TemporaryFileNotInTempDir;
@ -139,6 +149,17 @@ pub const LoadingImage = struct {
}; };
defer file.close(); defer file.close();
// File must be a regular file
if (file.stat()) |stat| {
if (stat.kind != .file) {
log.warn("file is not a regular file kind={}", .{stat.kind});
return error.InvalidData;
}
} else |err| {
log.warn("failed to stat file: {}", .{err});
return error.InvalidData;
}
if (t.offset > 0) { if (t.offset > 0) {
file.seekTo(@intCast(t.offset)) catch |err| { file.seekTo(@intCast(t.offset)) catch |err| {
log.warn("failed to seek to offset {}: {}", .{ t.offset, err }); log.warn("failed to seek to offset {}: {}", .{ t.offset, err });