[Scummvm-git-logs] scummvm master -> 008149e3576aa8d13c6831ee0c1d25c3c23deb83
csnover
csnover at users.noreply.github.com
Thu Dec 14 21:34:06 CET 2017
This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
7aaac1dfba POSIX: Fix CVE-2017-17528
008149e357 POSIX: Do not hang ScummVM when opening a browser
Commit: 7aaac1dfba22d2e70b33b2cf856d7885944d4a6e
https://github.com/scummvm/scummvm/commit/7aaac1dfba22d2e70b33b2cf856d7885944d4a6e
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-14T14:30:11-06:00
Commit Message:
POSIX: Fix CVE-2017-17528
Changed paths:
backends/platform/sdl/posix/posix.cpp
diff --git a/backends/platform/sdl/posix/posix.cpp b/backends/platform/sdl/posix/posix.cpp
index b805a45..60f85ef 100644
--- a/backends/platform/sdl/posix/posix.cpp
+++ b/backends/platform/sdl/posix/posix.cpp
@@ -49,6 +49,9 @@
#include <sys/wait.h>
#include <unistd.h>
+#include <spawn.h>
+extern char **environ;
+
OSystem_POSIX::OSystem_POSIX(Common::String baseConfigName)
:
_baseConfigName(baseConfigName) {
@@ -279,7 +282,7 @@ bool OSystem_POSIX::openUrl(const Common::String &url) {
// try desktop environment specific tools
if (launchBrowser("gnome-open", url)) // gnome
return true;
- if (launchBrowser("kfmclient openURL", url)) // kde
+ if (launchBrowser("kfmclient", url)) // kde
return true;
if (launchBrowser("exo-open", url)) // xfce
return true;
@@ -302,15 +305,24 @@ bool OSystem_POSIX::openUrl(const Common::String &url) {
return false;
}
-bool OSystem_POSIX::launchBrowser(const Common::String& client, const Common::String &url) {
- // FIXME: system's input must be heavily escaped
- // well, when url's specified by user
- // it's OK now (urls are hardcoded somewhere in GUI)
- Common::String cmd = client + " " + url;
- return (system(cmd.c_str()) != -1);
+bool OSystem_POSIX::launchBrowser(const Common::String &client, const Common::String &url) {
+ pid_t pid;
+ const char *argv[] = {
+ client.c_str(),
+ url.c_str(),
+ NULL,
+ NULL
+ };
+ if (client == "kfmclient") {
+ argv[2] = argv[1];
+ argv[1] = "openURL";
+ }
+ if (posix_spawnp(&pid, client.c_str(), NULL, NULL, const_cast<char **>(argv), environ) != 0) {
+ return false;
+ }
+ return (waitpid(pid, NULL, 0) != -1);
}
-
AudioCDManager *OSystem_POSIX::createAudioCDManager() {
#ifdef USE_LINUXCD
return createLinuxAudioCDManager();
Commit: 008149e3576aa8d13c6831ee0c1d25c3c23deb83
https://github.com/scummvm/scummvm/commit/008149e3576aa8d13c6831ee0c1d25c3c23deb83
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-14T14:30:16-06:00
Commit Message:
POSIX: Do not hang ScummVM when opening a browser
If the call used to open the browser does not return until the
browser is closed, this would previously cause ScummVM to hang.
Since we are using waitpid now, we can avoid hanging by telling
waitpid to not block on a child which has not exited.
Changed paths:
backends/platform/sdl/posix/posix.cpp
diff --git a/backends/platform/sdl/posix/posix.cpp b/backends/platform/sdl/posix/posix.cpp
index 60f85ef..b01de2d 100644
--- a/backends/platform/sdl/posix/posix.cpp
+++ b/backends/platform/sdl/posix/posix.cpp
@@ -320,7 +320,7 @@ bool OSystem_POSIX::launchBrowser(const Common::String &client, const Common::St
if (posix_spawnp(&pid, client.c_str(), NULL, NULL, const_cast<char **>(argv), environ) != 0) {
return false;
}
- return (waitpid(pid, NULL, 0) != -1);
+ return (waitpid(pid, NULL, WNOHANG) != -1);
}
AudioCDManager *OSystem_POSIX::createAudioCDManager() {
More information about the Scummvm-git-logs
mailing list