Disallow launching unknown apps via browser client.

CVE-2018-1000006

atom/common/atom_command_line.cc

@@ -10,31 +10,22 @@
 namespace atom {
 
 // static
-std::vector<std::string> AtomCommandLine::argv_;
-
-#if defined(OS_WIN)
-// static
-std::vector<std::wstring> AtomCommandLine::wargv_;
-#endif
+base::CommandLine::StringVector AtomCommandLine::argv_;
 
 // static
-void AtomCommandLine::Init(int argc, const char* const* argv) {
+void AtomCommandLine::Init(int argc, base::CommandLine::CharType** argv) {
+  DCHECK(argv_.empty());
+
+  // NOTE: uv_setup_args does nothing on Windows, so we don't need to call it.
+  // Otherwise we'd have to convert the arguments from UTF16.
+#if !defined(OS_WIN)
   // Hack around with the argv pointer. Used for process.title = "blah"
-  char** new_argv = uv_setup_args(argc, const_cast<char**>(argv));
-  for (int i = 0; i < argc; ++i) {
-    argv_.push_back(new_argv[i]);
-  }
-}
-
-#if defined(OS_WIN)
-// static
-void AtomCommandLine::InitW(int argc, const wchar_t* const* argv) {
-  for (int i = 0; i < argc; ++i) {
-    wargv_.push_back(argv[i]);
-  }
-}
+  argv = uv_setup_args(argc, argv);
 #endif
 
+  argv_.assign(argv, argv + argc);
+}
+
 #if defined(OS_LINUX)
 // static
 void AtomCommandLine::InitializeFromCommandLine() {

atom/common/atom_command_line.h

@@ -8,6 +8,7 @@
 #include <string>
 #include <vector>
 
+#include "base/command_line.h"
 #include "base/macros.h"
 #include "build/build_config.h"
 
@@ -16,13 +17,9 @@ namespace atom {
 // Singleton to remember the original "argc" and "argv".
 class AtomCommandLine {
  public:
-  static void Init(int argc, const char* const* argv);
-  static std::vector<std::string> argv() { return argv_; }
+  static const base::CommandLine::StringVector& argv() { return argv_; }
 
-#if defined(OS_WIN)
-  static void InitW(int argc, const wchar_t* const* argv);
-  static std::vector<std::wstring> wargv() { return wargv_; }
-#endif
+  static void Init(int argc, base::CommandLine::CharType** argv);
 
 #if defined(OS_LINUX)
   // On Linux the command line has to be read from base::CommandLine since
@@ -31,11 +28,7 @@ class AtomCommandLine {
 #endif
 
  private:
-  static std::vector<std::string> argv_;
-
-#if defined(OS_WIN)
-  static std::vector<std::wstring> wargv_;
-#endif
+  static base::CommandLine::StringVector argv_;
 
   DISALLOW_IMPLICIT_CONSTRUCTORS(AtomCommandLine);
 };

atom/common/node_bindings.cc

@@ -4,6 +4,7 @@
 
 #include "atom/common/node_bindings.h"
 
+#include <algorithm>
 #include <string>
 #include <vector>
 
@@ -17,6 +18,7 @@
 #include "base/files/file_path.h"
 #include "base/path_service.h"
 #include "base/run_loop.h"
+#include "base/strings/utf_string_conversions.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/trace_event/trace_event.h"
 #include "content/public/browser/browser_thread.h"
@@ -179,7 +181,14 @@ void NodeBindings::Initialize() {
 
 node::Environment* NodeBindings::CreateEnvironment(
     v8::Handle<v8::Context> context) {
+#if defined(OS_WIN)
+  auto& atom_args = AtomCommandLine::argv();
+  std::vector<std::string> args(atom_args.size());
+  std::transform(atom_args.cbegin(), atom_args.cend(), args.begin(),
+                 [](auto& a) { return base::WideToUTF8(a); });
+#else
   auto args = AtomCommandLine::argv();
+#endif
 
   // Feed node the path to initialization script.
   base::FilePath::StringType process_type;
@@ -199,8 +208,7 @@ node::Environment* NodeBindings::CreateEnvironment(
       resources_path.Append(FILE_PATH_LITERAL("electron.asar"))
                     .Append(process_type)
                     .Append(FILE_PATH_LITERAL("init.js"));
-  std::string script_path_str = script_path.AsUTF8Unsafe();
-  args.insert(args.begin() + 1, script_path_str.c_str());
+  args.insert(args.begin() + 1, script_path.AsUTF8Unsafe());
 
   std::unique_ptr<const char*[]> c_argv = StringVectorToArgArray(args);
   node::Environment* env = node::CreateEnvironment(