Use JS_EncodeStringToUTF8 consistently with JavaScript

When strings handled by the jsbackendauthority contain non-ASCII, the
code will fail.  For example, on a system having a user with a
non-ASCII name, the following message will appear when a USB stick is
plugged in.

mar 04 21:47:31 mimmi polkitd[17163]: Error evaluating authorization rules

The user will not be allowed to do the mount.

The problem is that strings were variously encoded back to C strings
with JS_EncodeString and JS_EncodeStringToUTF8.  According to the
documentation
(https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/JSAPI_reference/JS_EncodeString#Description)
the former will simply drop the high byte from each character.  If
that happens to a username, it will no longer be found as a valid user
name on the system.  Explicitly encoding to UTF-8 will at least work
in UTF-8 locales, which is the increasingly dominant encoding.

1 files changed, 15 insertions, 7 deletions

diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 984a0f0..9b752d1 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -1284,13 +1284,15 @@ js_polkit_log (JSContext  *cx,
                unsigned    argc,
                JS::Value      *vp)
 {
-  /* PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx)); */
+  PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
   bool ret = false;
   char *s;
 
   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
 
-  s = JS_EncodeString (cx, args[0].toString ());
+  JS::RootedString jsstr (authority->priv->cx);
+  jsstr = args[0].toString ();
+  s = JS_EncodeStringToUTF8 (cx, jsstr);
   JS_ReportWarningUTF8 (cx, "%s", s);
   JS_free (cx, s);
 
@@ -1367,7 +1369,7 @@ js_polkit_spawn (JSContext  *cx,
                  unsigned    js_argc,
                  JS::Value      *vp)
 {
-  /* PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx)); */
+  PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
   bool ret = false;
   JS::RootedObject array_object(cx);
   gchar *standard_output = NULL;
@@ -1407,7 +1409,9 @@ js_polkit_spawn (JSContext  *cx,
           JS_ReportErrorUTF8 (cx, "Element %d is not a string", n);
           goto out;
 	}
-      s = JS_EncodeString (cx, elem_val.toString());
+      JS::RootedString jsstr (authority->priv->cx);
+      jsstr = elem_val.toString();
+      s = JS_EncodeStringToUTF8 (cx, jsstr);
       argv[n] = g_strdup (s);
       JS_free (cx, s);
     }
@@ -1490,7 +1494,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
                                unsigned    argc,
                                JS::Value      *vp)
 {
-  /* PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx)); */
+  PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
   bool ret = false;
   char *user;
   char *netgroup;
@@ -1498,8 +1502,12 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
 
   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
 
-  user = JS_EncodeString (cx, args[0].toString());
-  netgroup = JS_EncodeString (cx, args[1].toString());
+  JS::RootedString usrstr (authority->priv->cx);
+  usrstr = args[0].toString();
+  user = JS_EncodeStringToUTF8 (cx, usrstr);
+  JS::RootedString netgstr (authority->priv->cx);
+  netgstr = args[1].toString();
+  netgroup = JS_EncodeStringToUTF8 (cx, netgstr);
 
   if (innetgr (netgroup,
                NULL,  /* host */