session-helper: Validate HostCommand arguments

This is not a portal, but we should still do some due diligence. Closes: #2365 Approved by: alexlarsson
2026-01-26 14:13:26 +00:00 · 2018-11-30 20:31:39 -05:00 · 2018-11-30 20:31:39 -05:00 · 972804f222
commit 972804f222
parent f3f7417b16
1 changed files with 10 additions and 0 deletions
--- a/session-helper/flatpak-session-helper.c
+++ b/session-helper/flatpak-session-helper.c
@ -235,6 +235,16 @@ handle_host_command (FlatpakDevelopment    *object,
      return TRUE;
    }

+  if (!g_variant_is_of_type (arg_fds, G_VARIANT_TYPE ("a{uh}")) ||
+      !g_variant_is_of_type (arg_envs, G_VARIANT_TYPE ("a{ss}")) ||
+      (flags & ~FLATPAK_HOST_COMMAND_FLAGS_CLEAR_ENV) != 0)
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_INVALID_ARGS,
+                                             "Unexpected argument");
+      return TRUE;
+    }
+
  g_debug ("Running host command %s", arg_argv[0]);

  n_fds = 0;