Bug 683821 – Does not escape single quotes included in file names properly

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 683821 - Does not escape single quotes included in file names properly


Summary:	Does not escape single quotes included in file names properly


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	gio
Version:	2.33.x
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Duplicates:	684130 (view as bug list)
Depends on:
Blocks:

Reported:	2012-09-11 19:08 UTC by Tseln
Modified:	2012-09-17 13:41 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Tseln 2012-09-11 19:08:12 UTC

When a file is leftclicked in nautilus or dragged into an application and the filename or path contain a single quote and other characters that need escaping to be properly parsed then the outer quote of nautilus is terminated prematurely at this single quote contained in the file name. 
This ressembles a lot typical SQL-Injection weaknesses of web-applications that are excerted exactly that way.

Example: a file /home/test/summer'09 tours.pdf
would not be opened in nautilus by click nor by drag and drop into evince:
evince would complain about several non existent files the first one being
/home/test/summer'09 as the escaping ended at single quote after summer and the following blank remained unescaped and mistaken for a separator of several input files to the application.

In 3.2 the behavior was still correct - I experience this for the first time in 3.4.2 as a consequence of a distribution upgrade- so I can't tell exactly with wich version it started.

Greetings,
Tseln

Comment 1 Tseln 2012-09-11 19:11:40 UTC

Additional info:
this happens independant of mime-type, target application or attributes.

Comment 2 Cosimo Cecchi 2012-09-11 21:34:06 UTC

-> glib

Confirmed with nautilus and glib master.
This looks like a bug in g_app_info_launch(); we correctly pass a GFile containing the specified location to g_app_info_launch(), but that somehow gets badly parsed when actually launching the application.

Comment 3 Tseln 2012-09-12 07:05:36 UTC

Thank you Cosimo for reviewing this report so quickly.
glib and gio component are at version 2.32.4 at my system (OpenSuSE 12.2, 64-bit). 
Do you think prio normal is appropriate for a path parsing bug?
Greetings
Tseln

Comment 4 Cosimo Cecchi 2012-09-12 18:37:22 UTC

(In reply to comment #3)
> Thank you Cosimo for reviewing this report so quickly.
> glib and gio component are at version 2.32.4 at my system (OpenSuSE 12.2,
> 64-bit). 
> Do you think prio normal is appropriate for a path parsing bug?

The value of the priority field doesn't really make a lot of difference.

Comment 5 Alexander Larsson 2012-09-13 08:02:09 UTC

This is caused by 6e4acf44b3a943906432a2bf55223ac107d8e0c2, from bug 562907, it breaks the FALL THROUGH case for '\\''.

Comment 6 Alexander Larsson 2012-09-13 08:19:04 UTC


*** This bug has been marked as a duplicate of bug 562907 ***

Comment 7 Cosimo Cecchi 2012-09-17 13:41:53 UTC

*** Bug 684130 has been marked as a duplicate of this bug. ***