Overview

File CVE-2021-21381.patch of Package flatpak.25785

diff -urp flatpak-1.2.3.orig/common/flatpak-dir.c flatpak-1.2.3/common/flatpak-dir.c
--- flatpak-1.2.3.orig/common/flatpak-dir.c	2022-08-25 13:22:25.696516257 -0500
+++ flatpak-1.2.3/common/flatpak-dir.c	2022-08-25 14:22:48.780705399 -0500
@@ -6103,6 +6103,12 @@ export_desktop_file (const char   *app,
                 g_string_append_printf (new_exec, " @@ %s @@", arg);
               else if (strcasecmp (arg, "%u") == 0)
                 g_string_append_printf (new_exec, " @@u %s @@", arg);
+              else if (g_str_has_prefix (arg, "@@"))
+                {
+                  flatpak_fail_error (error, FLATPAK_ERROR_EXPORT_FAILED,
+                                     _("Invalid Exec argument %s"), arg);
+                  goto out;
+                }
               else
                 g_string_append_printf (new_exec, " %s", arg);
             }
openSUSE Build Service is sponsored by
Places