
Commit 409e341

committed
cli-transaction: Escape any special characters in the EOL reason
CVE-2023-28101, GHSA-h43h-fwqx-mpp8 Signed-off-by: Simon McVittie <smcv@collabora.com>
1 parent 7fe63f2 commit 409e341


1 file changed

+4
-1
lines changed


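--- a/app/flatpak-cli-transaction.c
+++ b/app/flatpak-cli-transaction.c
@@ -755,6 +755,9 @@ print_eol_info_message (FlatpakDir *dir,
 }
 else if (reason)
 {
+g_autofree char *escaped_reason = flatpak_escape_string (reason,
+FLATPAK_ESCAPE_ALLOW_NEWLINES |
+FLATPAK_ESCAPE_DO_NOT_QUOTE);
 if (is_pinned)
 {
 /* Only runtimes can be pinned */
@@ -770,7 +773,7 @@ print_eol_info_message (FlatpakDir *dir,
 g_print (_("\nInfo: app %s%s%s branch %s%s%s is end-of-life, with reason:\n"),
 on, ref_name, off, on, ref_branch, off);
 }
-g_print (" %s\n", reason);
+g_print (" %s\n", escaped_reason);
 }
 }
 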
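Review bot: With `FLATPAK_ESCAPE_ALLOW_NEWLINES` in the new `flatpak_escape_string` call, a multi-line reason is still printed as several terminal lines, and only the first gets the leading indent from `g_print (" %s\n", escaped_reason);`, so later lines can read like separate flatpak messages. If multi-line reasons are intended, a comment at the call would record that, e.g. `/* reason is text from the remote (assumed untrusted): escape control characters, keep newlines for multi-line reasons */`; otherwise dropping `FLATPAK_ESCAPE_ALLOW_NEWLINES` would keep the reason on one line. `ref_name` and `ref_branch` in the preceding `g_print` call are still printed unescaped; presumably they are validated ref components, but that is not visible in these hunks. print_eol_info_message starts and ends outside both hunks.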
