forked from pool/power-profiles-daemon
Dirk Mueller
4b7cc16526
* Update to version 0.11. * Drop fd1664dfe26f13f8c8cd7b44483cd872dfdede36.patch: upstreamed. OBS-URL: https://build.opensuse.org/request/show/974202 OBS-URL: https://build.opensuse.org/package/show/Base:System/power-profiles-daemon?expand=0&rev=9
54 lines
1.6 KiB
Diff
54 lines
1.6 KiB
Diff
Index: power-profiles-daemon-0.11/src/power-profiles-daemon.c
|
|
===================================================================
|
|
--- power-profiles-daemon-0.11.orig/src/power-profiles-daemon.c
|
|
+++ power-profiles-daemon-0.11/src/power-profiles-daemon.c
|
|
@@ -537,6 +537,29 @@ holder_disappeared (GDBusConnection *con
|
|
g_ptr_array_free (cookies, TRUE);
|
|
}
|
|
|
|
+#define MAX_UNTRUSTED_STR_LEN 1024
|
|
+#define MAX_PROFILE_HOLDS 32
|
|
+
|
|
+static gboolean
|
|
+check_sane_string(const char *s)
|
|
+{
|
|
+ guint i;
|
|
+
|
|
+ for (i = 0; s[i] != 0; i++) {
|
|
+ gchar ch = s[i];
|
|
+
|
|
+ if (i > MAX_UNTRUSTED_STR_LEN)
|
|
+ return FALSE;
|
|
+
|
|
+ if (g_ascii_isalnum(ch) || g_ascii_isspace(ch))
|
|
+ continue;
|
|
+
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
+ return TRUE;
|
|
+}
|
|
+
|
|
static void
|
|
hold_profile (PpdApp *data,
|
|
GVariant *parameters,
|
|
@@ -559,6 +582,18 @@ hold_profile (PpdApp *dat
|
|
return;
|
|
}
|
|
|
|
+ if (!check_sane_string(reason) || !check_sane_string(application_id)) {
|
|
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
|
|
+ "Input strings are too long or contain invalid characters");
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ if (g_hash_table_size(data->profile_holds) > MAX_PROFILE_HOLDS) {
|
|
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_LIMITS_EXCEEDED,
|
|
+ "Too many profile holds already active");
|
|
+ return;
|
|
+ }
|
|
+
|
|
hold = g_new0 (ProfileHold, 1);
|
|
hold->profile = profile;
|
|
hold->reason = g_strdup (reason);
|