luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-02-09 12:25:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

gdbusserver: properly escape all components of server address

Browse Source 
https://gitlab.gnome.org/GNOME/glib/merge_requests/911#note_530668
This commit is contained in:
Michael Catanzaro 2019-06-13 13:04:17 -05:00
parent 16cdda5d35
commit 30524fbdb5
1 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
gio/gdbusserver.c
View File

@ -769,27 +769,30 @@ try_unix (GDBusServer *server,
/* Fill out client_address if the connection attempt worked */ /* Fill out client_address if the connection attempt worked */
if (ret) if (ret)
{ {
const char *address_path;
char *escaped_path;
server->is_using_listener = TRUE; server->is_using_listener = TRUE;
address_path = g_unix_socket_address_get_path (G_UNIX_SOCKET_ADDRESS (address));
escaped_path = g_dbus_address_escape_value (address_path);
switch (g_unix_socket_address_get_address_type (G_UNIX_SOCKET_ADDRESS (address))) switch (g_unix_socket_address_get_address_type (G_UNIX_SOCKET_ADDRESS (address)))
{ {
case G_UNIX_SOCKET_ADDRESS_ABSTRACT: case G_UNIX_SOCKET_ADDRESS_ABSTRACT:
server->client_address = g_strdup_printf ("unix:abstract=%s", server->client_address = g_strdup_printf ("unix:abstract=%s", escaped_path);
g_unix_socket_address_get_path (G_UNIX_SOCKET_ADDRESS (address)));
break; break;
case G_UNIX_SOCKET_ADDRESS_PATH: case G_UNIX_SOCKET_ADDRESS_PATH:
{ server->client_address = g_strdup_printf ("unix:path=%s", escaped_path);
const char *address_path = g_unix_socket_address_get_path (G_UNIX_SOCKET_ADDRESS (address)); server->unix_socket_path = g_strdup (address_path);
server->client_address = g_strdup_printf ("unix:path=%s", address_path); break;
server->unix_socket_path = g_strdup (address_path);
break;
}
default: default:
g_assert_not_reached (); g_assert_not_reached ();
break; break;
} }
g_free (escaped_path);
} }
g_object_unref (address); g_object_unref (address);
} }
@ -881,6 +884,7 @@ try_tcp (GDBusServer *server,
gsize bytes_written; gsize bytes_written;
gsize bytes_remaining; gsize bytes_remaining;
char *file_escaped; char *file_escaped;
char *host_escaped;
server->nonce = g_new0 (guchar, 16); server->nonce = g_new0 (guchar, 16);
for (n = 0; n < 16; n++) for (n = 0; n < 16; n++)
@ -920,11 +924,13 @@ try_tcp (GDBusServer *server,
} }
if (!g_close (fd, error)) if (!g_close (fd, error))
goto out; goto out;
file_escaped = g_uri_escape_string (server->nonce_file, "/\\", FALSE); host_escaped = g_dbus_address_escape_value (host);
file_escaped = g_dbus_address_escape_value (server->nonce_file);
server->client_address = g_strdup_printf ("nonce-tcp:host=%s,port=%d,noncefile=%s", server->client_address = g_strdup_printf ("nonce-tcp:host=%s,port=%d,noncefile=%s",
host, host_escaped,
port_num, port_num,
file_escaped); file_escaped);
g_free (host_escaped);
g_free (file_escaped); g_free (file_escaped);
} }
else else