diff options
| author | Florian Bruhin <me@the-compiler.org> | 2020-06-16 18:55:25 +0200 |
|---|---|---|
| committer | Florian Bruhin <me@the-compiler.org> | 2020-06-16 18:55:25 +0200 |
| commit | a38620a0f92738cef7a4ce95f1cfe3336a3bf3f4 (patch) | |
| tree | 563208b568bda4cf52303c5de7f87e4f0ac8c5c3 /qutebrowser/commands | |
| parent | ed227b052b7fe7b4a87789a6a5fa0df00c32295d (diff) | |
| download | qutebrowser-a38620a0f92738cef7a4ce95f1cfe3336a3bf3f4.tar.gz qutebrowser-a38620a0f92738cef7a4ce95f1cfe3336a3bf3f4.zip | |
userscripts: Clear self._filepath on OSError
As an additional precaution that a "tainted" path isn't being used anywhere.
See https://github.com/qutebrowser/qutebrowser/security/code-scanning/2
Diffstat (limited to 'qutebrowser/commands')
| -rw-r--r-- | qutebrowser/commands/userscripts.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/qutebrowser/commands/userscripts.py b/qutebrowser/commands/userscripts.py index b9ef41f01..57ea474d4 100644 --- a/qutebrowser/commands/userscripts.py +++ b/qutebrowser/commands/userscripts.py @@ -262,6 +262,7 @@ class _POSIXUserscriptRunner(_BaseUserscriptRunner): os.mkfifo(self._filepath) # pylint: enable=no-member,useless-suppression except OSError as e: + self._filepath = None # Make sure it's not used message.error("Error while creating FIFO: {}".format(e)) return |