[vlc-devel] commit: VLC_VariableSet: assume unsafe variable settings. Fixes #1371. ( Rémi Denis-Courmont )
git version control
git at videolan.org
Thu May 8 22:28:25 CEST 2008
vlc | branch: master | Rémi Denis-Courmont <rem at videolan.org> | Thu May 8 23:29:40 2008 +0300| [a7e8d944f93a414be8995d53bb9bcc92b00fbc19]
VLC_VariableSet: assume unsafe variable settings. Fixes #1371.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a7e8d944f93a414be8995d53bb9bcc92b00fbc19
---
src/libvlc.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/libvlc.c b/src/libvlc.c
index e8d3a4f..fa9bbf9 100644
--- a/src/libvlc.c
+++ b/src/libvlc.c
@@ -188,7 +188,7 @@ int VLC_Destroy( int i_object )
}
/*****************************************************************************
- * VLC_VariableSet: set a vlc variable
+ * VLC_VariableSet: set a "safe" vlc variable
*****************************************************************************/
int VLC_VariableSet( int i_object, char const *psz_var, vlc_value_t value )
{
@@ -206,6 +206,11 @@ int VLC_VariableSet( int i_object, char const *psz_var, vlc_value_t value )
if( p_item )
{
+ /* VLC_VariableSet is only used from the browser plugins, so we
+ * can pretty much assume that the input is _not_ trusted. */
+ if( !p_item->b_safe )
+ return VLC_EGENERIC;
+
switch( p_item->i_type )
{
case CONFIG_ITEM_BOOL:
More information about the vlc-devel
mailing list