App: Sanitize all paths for null characters (#23821)

* App: Sanitize all paths for null characters * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Apply suggestions from code review --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Kacper Donat <kadet1090@gmail.com>
2025-09-18 12:37:33 -05:00
parent 852624e24a
commit cc48a08f46
3 changed files with 46 additions and 7 deletions
--- a/src/App/ApplicationDirectories.cpp
+++ b/src/App/ApplicationDirectories.cpp
@@ -273,11 +273,19 @@ bool ApplicationDirectories::startSafeMode(std::map<std::string,std::string>& mC
    return false;
 }

+std::filesystem::path ApplicationDirectories::sanitizePath(const std::string& pathAsString)
+{
+    size_t positionOfFirstNull = pathAsString.find('\0');
+    if (positionOfFirstNull != std::string::npos) {
+        return {pathAsString.substr(0, positionOfFirstNull)};
+    }
+    return {pathAsString};
+}

 void ApplicationDirectories::configureResourceDirectory(const std::map<std::string,std::string>& mConfig) {
 #ifdef RESOURCEDIR
-    // #6892: Conda may inject null characters => remove them using c_str()
-    fs::path path {std::string(RESOURCEDIR).c_str()};
+    // #6892: Conda may inject null characters
+    fs::path path = sanitizePath(RESOURCEDIR);
    if (path.is_absolute()) {
        _resource = path;
    } else {
@@ -290,8 +298,8 @@ void ApplicationDirectories::configureResourceDirectory(const std::map<std::stri

 void ApplicationDirectories::configureLibraryDirectory(const std::map<std::string,std::string>& mConfig) {
 #ifdef LIBRARYDIR
-    // #6892: Conda may inject null characters => remove them using c_str()
-    fs::path path {std::string(LIBRARYDIR).c_str()};
+    // #6892: Conda may inject null characters
+    fs::path path = sanitizePath(LIBRARYDIR);
    if (path.is_absolute()) {
        _library = path;
    } else {
@@ -306,8 +314,8 @@ void ApplicationDirectories::configureLibraryDirectory(const std::map<std::strin
 void ApplicationDirectories::configureHelpDirectory(const std::map<std::string,std::string>& mConfig)
 {
 #ifdef DOCDIR
-    // #6892: Conda may inject null characters => remove them using c_str()
-    fs::path path {std::string(DOCDIR).c_str()};
+    // #6892: Conda may inject null characters
+    fs::path path = sanitizePath(DOCDIR);
    if (path.is_absolute()) {
        _help = path;
    } else {
@@ -332,7 +340,8 @@ fs::path ApplicationDirectories::getUserHome()
    if (!result || error != 0) {
        throw Base::RuntimeError("Getting HOME path from system failed!");
    }
-    path = Base::FileInfo::stringToPath(result->pw_dir);
+    std::string sanitizedPath = sanitizePath(pwd.pw_dir);
+    path = Base::FileInfo::stringToPath(sanitizedPath);
 #else
    path = Base::FileInfo::stringToPath(QStandardPaths::writableLocation(QStandardPaths::HomeLocation).toStdString());
 #endif