From 92d7cc35aa3e2fc93e9693e1491305571b2c7be2 Mon Sep 17 00:00:00 2001 From: Lukasz Pawlik Date: Tue, 18 Oct 2011 13:47:56 +0200 Subject: [PATCH] tracker: send only utf8 string over DBus Previously it was possible to crash rygel by sending certain malformed url. This patch fix this by ensuring that every selection query send to tracker service over DBus will be UTF8 encoded. If UTF8 will not be enforced GLib.Variant will crash. --- .../tracker/rygel-tracker-search-container.vala | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/plugins/tracker/rygel-tracker-search-container.vala b/src/plugins/tracker/rygel-tracker-search-container.vala index 5473871..c3762d9 100644 --- a/src/plugins/tracker/rygel-tracker-search-container.vala +++ b/src/plugins/tracker/rygel-tracker-search-container.vala @@ -243,6 +243,20 @@ public class Rygel.Tracker.SearchContainer : SimpleContainer { return query; } + private string? urn_to_utf8 (string urn) { + var urn_builder = new StringBuilder (); + unowned string s = urn; + + for (; s.get_char () != 0; s = s.next_char ()) { + unichar character = s.get_char (); + if (!(character.iscntrl () || !character.validate ())) { + urn_builder.append_unichar (character); + } + } + + return urn_builder.str; + } + private string? create_filter_for_child (RelationalExpression expression) { string filter = null; string variable = null; @@ -254,10 +268,17 @@ public class Rygel.Tracker.SearchContainer : SimpleContainer { string parent_id; var urn = this.get_item_info (expression.operand2, out parent_id); + + if (!urn.validate ()) { + urn = urn_to_utf8 (urn); + } + if (urn == null || parent_id == null || parent_id != this.id) { return null; } + urn = Query.escape_string (urn); + switch (expression.op) { case SearchCriteriaOp.EQ: value = "<" + urn + ">"; -- 2.7.4