Filter command line arguments passed to Qt.

See https://www.bleepingcomputer.com/news/security/qt5-based-gui-apps-susceptible-to-remote-code-execution/

This RCE exploit doesn't affect Telegram Desktop directly, because
Telegram Desktop uses statically linked Qt and does not load any
plugins from external shared libraries. But in any case it's better
to control how command line arguments can affect the app behaviour.

For now pass only the first command line part, the executable path.
John Preston 2019-05-06 12:40:04 +02:00
parent 8bfef7d873
commit a0e2a925ee
2 changed files with 38 additions and 4 deletions


@ -20,6 +20,39 @@ namespace {
uint64 InstallationTag = 0;
class FilteredCommandLineArguments {
public:
FilteredCommandLineArguments(int argc, char **argv);
int &count();
char **values();
private:
static constexpr auto kForwardArgumentCount = 1;
int _count = 0;
char *_arguments[kForwardArgumentCount + 1] = { nullptr };
};
FilteredCommandLineArguments::FilteredCommandLineArguments(
int argc,
char **argv)
: _count(std::clamp(argc, 0, kForwardArgumentCount)) {
// For now just pass only the first argument, the executable path.
for (auto i = 0; i != _count; ++i) {
_arguments[i] = argv[i];
}
}
int &FilteredCommandLineArguments::count() {
return _count;
}
char **FilteredCommandLineArguments::values() {
return _arguments;
}
QString DebugModeSettingPath() {
return cWorkingDir() + qsl("tdata/withdebug");
}
@ -440,7 +473,8 @@ void Launcher::processArguments() {
}
int Launcher::executeApplication() {
Sandbox sandbox(this, _argc, _argv);
FilteredCommandLineArguments arguments(_argc, _argv);
Sandbox sandbox(this, arguments.count(), arguments.values());
MainQueueProcessor processor;
base::ConcurrentTimerEnvironment environment;
return sandbox.start();
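Review bot: Nothing in `executeApplication()` records that `arguments` must outlive `sandbox`, yet `count()` returns an `int &` to the member `_count`, `values()` returns the member array, and `Sandbox` forwards both straight into `QApplication(argc, argv)`. Qt documents that the argc/argv storage has to stay valid for the whole lifetime of the application object. The current declaration order satisfies this because `arguments` is destroyed after `sandbox`, but a later reorder or a temporary would leave Qt reading freed stack storage, on the very path this commit hardens. I would add a comment above the declaration, for example `// Must be declared before Sandbox and outlive it: QApplication keeps using this argc/argv storage.`, and make the class non-copyable with `FilteredCommandLineArguments(const FilteredCommandLineArguments &) = delete;`. The body of `executeApplication()` and the file's include list lie outside the hunk, so it is also worth confirming that `<algorithm>` is reachable for `std::clamp`.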


@ -76,9 +76,9 @@ Sandbox::Sandbox(
not_null<Core::Launcher*> launcher,
int &argc,
char **argv)
: QApplication(argc, argv)
, _mainThreadId(QThread::currentThreadId())
, _launcher(launcher) {
: QApplication(argc, argv)
, _mainThreadId(QThread::currentThreadId())
, _launcher(launcher) {
}
int Sandbox::start() {