From: Miloslav Trmač <mitr@redhat.com>
Date: Thu, 18 Apr 2013 18:32:05 +0000 (+0200)
Subject: Refuse non-string parameters to Polkit.spawn()
X-Git-Tag: 0.111~10
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=18f9d2608b145a3cc39e88b3e8aa74c742d47190;p=platform%2Fupstream%2Fpolkit.git

Refuse non-string parameters to Polkit.spawn()

Using integers or floating-point numbers could have resulted in a crash.

Use JSVAL_IS_STRING() instead of implicit conversion through
JS_ValueToString(); hopefully this will nudge the rule writer toward
thinking more about the string conversion and the format of the
resulting string.

https://bugs.freedesktop.org/show_bug.cgi?id=63575
---

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index 0dd9548..bc2fe22 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -1357,6 +1357,12 @@ js_polkit_spawn (JSContext  *cx,
           JS_ReportError (cx, "Failed to get element %d", n);
           goto out;
         }
+      if (!JSVAL_IS_STRING (elem_val))
+	{
+          JS_ReportError (cx, "Element %d is not a string", n);
+          goto out;
+	}
+      s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val));
       s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val));
       argv[n] = g_strdup (s);
       JS_free (cx, s);