diff options
author | keis <keijser@gmail.com> | 2011-09-11 14:32:02 +0200 |
---|---|---|
committer | keis <keijser@gmail.com> | 2011-09-11 16:11:25 +0200 |
commit | bd7b9d09e56897b1d03e23080dedf86c7be2bb21 (patch) | |
tree | 8abf8c76194b4f55063bd6665d28a103e6609286 /src | |
parent | 7c35456ff3930f0484b79aaf1c43cb4fa9bfc707 (diff) |
bail if trying to send events with newlines
each line is treated as a new event by the event manager
so previous behaviour could cause to event injection, which in theory
could be use to exploit uzbl.
Diffstat (limited to 'src')
-rw-r--r-- | src/events.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/events.c b/src/events.c index 20f4545..fdb6b2a 100644 --- a/src/events.c +++ b/src/events.c @@ -192,11 +192,15 @@ vsend_event(int type, const gchar *custom_event, va_list vargs) { } } - g_string_append_c(event_message, '\n'); - - if (uzbl.state.events_stdout) - send_event_stdout (event_message); - send_event_socket (event_message); + // A event string is not supposed to contain newlines as it will be + // interpreted as two events + if (!strchr(event_message->str, '\n')) { + g_string_append_c(event_message, '\n'); + + if (uzbl.state.events_stdout) + send_event_stdout (event_message); + send_event_socket (event_message); + } g_string_free (event_message, TRUE); } |