
fix segfault caused by modifying data uris as if they were regular uris

sisyphus
Dustin Falgout 8 years ago
parent
commit
b04b1eb98b
  1. 39
      src/webkit2-extension.c
  2. 3
      themes/antergos/js/greeter.js

39
src/webkit2-extension.c

@ -1301,6 +1301,20 @@ txt2html_cb(JSContextRef context,
} }
static gchar *
remove_query_string(gchar *str) {
gchar *ptr = NULL;
ptr = strchr(str, '?');
if (NULL != ptr) {
*ptr = '\0';
}
return g_strstrip(str);
}
static const JSStaticValue lightdm_user_values[] = { static const JSStaticValue lightdm_user_values[] = {
{"display_name", get_user_display_name_cb, NULL, kJSPropertyAttributeReadOnly}, {"display_name", get_user_display_name_cb, NULL, kJSPropertyAttributeReadOnly},
{"home_directory", get_user_home_directory_cb, NULL, kJSPropertyAttributeReadOnly}, {"home_directory", get_user_home_directory_cb, NULL, kJSPropertyAttributeReadOnly},
@ -1766,27 +1780,38 @@ web_page_send_request_cb(WebKitWebPage *web_page,
gpointer user_data) { gpointer user_data) {
char *request_scheme; char *request_scheme;
char *request_file_path; gchar *request_file_path;
char *request_file_path_without_query;
const char *request_uri = webkit_uri_request_get_uri(request); const char *request_uri = webkit_uri_request_get_uri(request);
request_scheme = g_uri_parse_scheme(request_uri); request_scheme = g_uri_parse_scheme(request_uri);
g_message(request_uri); /* NOTE: Returning TRUE blocks the request, while Returning FALSE allows it.
* :face_with_rolling_eyes:
*/
if (strcmp(request_scheme, "file") != 0 && strcmp(request_scheme, "data") != 0) { if (strcmp(request_scheme, "data") == 0) {
g_free(request_scheme);
return FALSE; /* Allowed */
}
if (strcmp(request_scheme, "file") != 0) {
/* In order to ensure the user's privacy & security, only local requests are allowed. */ /* In order to ensure the user's privacy & security, only local requests are allowed. */
g_warning("request scheme error: %s", request_scheme); g_warning("request scheme error: %s", request_scheme);
g_free(request_scheme); g_free(request_scheme);
return TRUE; return TRUE; /* Blocked */
} }
request_file_path = g_filename_from_uri(request_uri, NULL, NULL); request_file_path = g_filename_from_uri(request_uri, NULL, NULL);
request_file_path_without_query = g_strdup(request_file_path);
request_file_path_without_query = remove_query_string(request_file_path_without_query);
g_message(request_file_path_without_query);
g_free(request_scheme); g_free(request_scheme);
/* Returning TRUE prevents the request, while FALSE allows it :face_with_rolling_eyes: */ return (FALSE == is_requested_file_path_allowed(request_file_path_without_query));
return (FALSE == is_requested_file_path_allowed(request_file_path));
} }
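Review bot: `g_message(request_file_path_without_query);` passes a request-derived path as the printf format string, so a `%` sequence in a file name is interpreted as a conversion; it should be `g_message("%s", request_file_path_without_query);`. The same tail of web_page_send_request_cb passes the result of g_filename_from_uri() to g_strdup() and remove_query_string() without a NULL check. g_filename_from_uri() returns NULL when it cannot convert the URI, so strchr() would receive NULL and the greeter could crash again. Neither request_file_path nor its copy is freed, so each request leaks two strings; the fence below works on the single allocated path, fails closed on NULL and frees it, assuming is_requested_file_path_allowed() does not keep the pointer. The function's signature and opening lines are outside the hunk.

```c
    gboolean is_allowed;

    /* … unchanged: scheme lookup and the "data" / "file" scheme checks … */

    request_file_path = g_filename_from_uri(request_uri, NULL, NULL);
    g_free(request_scheme);

    if (NULL == request_file_path) {
        /* Not convertible to a local path: block rather than guess. */
        return TRUE; /* Blocked */
    }

    /* g_filename_from_uri() already returns a fresh string, so no copy is needed. */
    request_file_path = remove_query_string(request_file_path);
    g_message("%s", request_file_path);

    is_allowed = is_requested_file_path_allowed(request_file_path);
    g_free(request_file_path);

    return (FALSE == is_allowed);
```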

3
themes/antergos/js/greeter.js

@ -779,15 +779,12 @@ class AntergosTheme {
switch ( event.which ) { switch ( event.which ) {
case 13: case 13:
action = _self.auth_pending ? _self.submit_password() : ! _self.user_list_visible ? _self.show_user_list() : 0; action = _self.auth_pending ? _self.submit_password() : ! _self.user_list_visible ? _self.show_user_list() : 0;
_util.log( action );
break; break;
case 27: case 27:
action = _self.auth_pending ? _self.cancel_authentication() : 0; action = _self.auth_pending ? _self.cancel_authentication() : 0;
_util.log( action );
break; break;
case 32: case 32:
action = (! _self.user_list_visible && ! _self.auth_pending) ? _self.show_user_list() : 0; action = (! _self.user_list_visible && ! _self.auth_pending) ? _self.show_user_list() : 0;
_util.log( action );
break; break;
default: default:
break; break;
