Bug 1551664 [Wayland] Validate app name and check dbus path for remote client, r=heftig
authorMartin Stransky <stransky@redhat.com>
Wed, 15 Jan 2020 11:17:42 +0000
changeset 510337 4222f7b9c86b9bc3722d447ccd3b71dbb3d313f5
parent 510336 b58ad41837a6b4cedb4652ea994adf4a2190b416
child 510338 0bb7d315058732b15df19fb8648fa634d92a481e
push id37020
push userccoroiu@mozilla.com
push dateWed, 15 Jan 2020 21:36:21 +0000
treeherdermozilla-central@c35bb210b8ae [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersheftig
bugs1551664
milestone74.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1551664 [Wayland] Validate app name and check dbus path for remote client, r=heftig Depends on D59863 Differential Revision: https://phabricator.services.mozilla.com/D59993
toolkit/components/remote/nsDBusRemoteClient.cpp
--- a/toolkit/components/remote/nsDBusRemoteClient.cpp
+++ b/toolkit/components/remote/nsDBusRemoteClient.cpp
@@ -78,17 +78,17 @@ bool nsDBusRemoteClient::GetRemoteDestin
                                                   const char* aProfile,
                                                   nsCString& aDestinationName) {
   // We have a profile name - just create the destination.
   // D-Bus names can contain only [a-z][A-Z][0-9]_
   // characters so adjust the profile string properly.
   nsAutoCString profileName;
   nsresult rv = mozilla::Base64Encode(nsAutoCString(aProfile), profileName);
   NS_ENSURE_SUCCESS(rv, false);
-  profileName.ReplaceChar("+/=", '_');
+  profileName.ReplaceChar("+/=-", '_');
 
   aDestinationName =
       nsPrintfCString("org.mozilla.%s.%s", aProgram, profileName.get());
   if (aDestinationName.Length() > DBUS_MAXIMUM_NAME_LENGTH)
     aDestinationName.Truncate(DBUS_MAXIMUM_NAME_LENGTH);
 
   static auto sDBusValidateBusName = (bool (*)(const char*, DBusError*))dlsym(
       RTLD_DEFAULT, "dbus_validate_bus_name");
@@ -109,25 +109,35 @@ bool nsDBusRemoteClient::GetRemoteDestin
 
   return true;
 }
 
 nsresult nsDBusRemoteClient::DoSendDBusCommandLine(const char* aProgram,
                                                    const char* aProfile,
                                                    const char* aBuffer,
                                                    int aLength) {
+  nsAutoCString appName(aProgram);
+  appName.ReplaceChar("+/=-", '_');
+
   nsAutoCString destinationName;
-  if (!GetRemoteDestinationName(aProgram, aProfile, destinationName))
+  if (!GetRemoteDestinationName(appName.get(), aProfile, destinationName))
     return NS_ERROR_FAILURE;
 
   nsAutoCString pathName;
-  pathName = nsPrintfCString("/org/mozilla/%s/Remote", aProgram);
+  pathName = nsPrintfCString("/org/mozilla/%s/Remote", appName.get());
+
+  static auto sDBusValidatePathName = (bool (*)(const char*, DBusError*))dlsym(
+      RTLD_DEFAULT, "dbus_validate_path");
+  if (!sDBusValidatePathName ||
+      !sDBusValidatePathName(pathName.get(), nullptr)) {
+    return NS_ERROR_FAILURE;
+  }
 
   nsAutoCString remoteInterfaceName;
-  remoteInterfaceName = nsPrintfCString("org.mozilla.%s", aProgram);
+  remoteInterfaceName = nsPrintfCString("org.mozilla.%s", appName.get());
 
   RefPtr<DBusMessage> msg =
       already_AddRefed<DBusMessage>(dbus_message_new_method_call(
           destinationName.get(),
           pathName.get(),             // object to call on
           remoteInterfaceName.get(),  // interface to call on
           "OpenURL"));                // method name
   if (!msg) {