From 4ad77a0e2d0e9e285a3ae2e5226ea89d93c3645b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 18 Apr 2013 20:32:05 +0200 Subject: [PATCH 2/2] Refuse non-string parameters to Polkit.spawn() Using integers or floating-point numbers could have resulted in a crash. Use JSVAL_IS_STRING() instead of implicit conversion through JS_ValueToString(); hopefully this will nudge the rule writer toward thinking more about the string conversion and the format of the resulting string. https://bugs.freedesktop.org/show_bug.cgi?id=63575 --- src/polkitbackend/polkitbackendjsauthority.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c index 5edfa5b..211dad3 100644 --- a/src/polkitbackend/polkitbackendjsauthority.c +++ b/src/polkitbackend/polkitbackendjsauthority.c @@ -1474,6 +1474,11 @@ js_polkit_spawn (JSContext *cx, dJS_ReportError (cx, "Failed to get element %d", n); goto out; } + if (!JSVAL_IS_STRING (elem_val)) + { + dJS_ReportError (cx, "Element %d is not a string", n); + goto out; + } s = dJS_EncodeString (cx, JSVAL_TO_STRING (elem_val)); argv[n] = g_strdup (s); dJS_free (cx, s); -- 1.8.1.4