From 3bbf0b6176d42836d23c36a6ac410e807ec0a7a7 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Sat, 15 Jun 2024 14:18:01 -0400
Subject: [PATCH] Stop looking for modules in cwd

This is just not a good idea. It is surprising, and can be misused.

Fixes: #6786

CVE: CVE-2024-6655
Upstream-Status: Backport [https://launchpad.net/ubuntu/+source/gtk+3.0/3.24.33-1ubuntu2.2]
Signed-off-by: Ashish Sharma <asharma@mvista.com>

 gtk/gtkmodules.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/gtk/gtkmodules.c b/gtk/gtkmodules.c
index 704e412aeb5..f93101c272e 100644
--- a/gtk/gtkmodules.c
+++ b/gtk/gtkmodules.c
@@ -214,13 +214,8 @@ find_module (const gchar *name)
   gchar *module_name;
 
   module_name = _gtk_find_module (name, "modules");
-  if (!module_name)
-    {
-      /* As last resort, try loading without an absolute path (using system
-       * library path)
-       */
-      module_name = g_module_build_path (NULL, name);
-    }
+  if (module_name == NULL)
+    return NULL;
 
   module = g_module_open (module_name, G_MODULE_BIND_LOCAL | G_MODULE_BIND_LAZY);
 
-- 
GitLab