summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2013-04-18 20:32:05 +0200
committerMiloslav Trmač <mitr@redhat.com>2013-05-06 20:05:27 +0200
commit18f9d2608b145a3cc39e88b3e8aa74c742d47190 (patch)
tree5597f1ff8627c732d1eabbc0ff913461d8dff7c9
parent8085a29c67c4a6e1f58f8975e0f7426d09d0fa99 (diff)
downloadpolkit-18f9d2608b145a3cc39e88b3e8aa74c742d47190.tar.gz
Refuse non-string parameters to Polkit.spawn()
Using integers or floating-point numbers could have resulted in a crash. Use JSVAL_IS_STRING() instead of implicit conversion through JS_ValueToString(); hopefully this will nudge the rule writer toward thinking more about the string conversion and the format of the resulting string. https://bugs.freedesktop.org/show_bug.cgi?id=63575
-rw-r--r--src/polkitbackend/polkitbackendjsauthority.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index 0dd9548..bc2fe22 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -1357,6 +1357,12 @@ js_polkit_spawn (JSContext *cx,
JS_ReportError (cx, "Failed to get element %d", n);
goto out;
}
+ if (!JSVAL_IS_STRING (elem_val))
+ {
+ JS_ReportError (cx, "Element %d is not a string", n);
+ goto out;
+ }
+ s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val));
s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val));
argv[n] = g_strdup (s);
JS_free (cx, s);