[Scummvm-git-logs] scummvm branch-2-0 -> d5c6c9214fdbd68c714c9ed5ee05d494bc8e0f74

csnover csnover at users.noreply.github.com
Thu Dec 14 21:34:09 CET 2017


This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
13750595d4 POSIX: Fix CVE-2017-17528
d5c6c9214f POSIX: Do not hang ScummVM when opening a browser


Commit: 13750595d42882c0a8458f3cdfe104f47d4b78ba
    https://github.com/scummvm/scummvm/commit/13750595d42882c0a8458f3cdfe104f47d4b78ba
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-14T14:32:37-06:00

Commit Message:
POSIX: Fix CVE-2017-17528

(cherry picked from commit 7aaac1dfba22d2e70b33b2cf856d7885944d4a6e)

Changed paths:
    backends/platform/sdl/posix/posix.cpp


diff --git a/backends/platform/sdl/posix/posix.cpp b/backends/platform/sdl/posix/posix.cpp
index b805a45..60f85ef 100644
--- a/backends/platform/sdl/posix/posix.cpp
+++ b/backends/platform/sdl/posix/posix.cpp
@@ -49,6 +49,9 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
+#include <spawn.h>
+extern char **environ;
+
 OSystem_POSIX::OSystem_POSIX(Common::String baseConfigName)
 	:
 	_baseConfigName(baseConfigName) {
@@ -279,7 +282,7 @@ bool OSystem_POSIX::openUrl(const Common::String &url) {
 	// try desktop environment specific tools
 	if (launchBrowser("gnome-open", url)) // gnome
 		return true;
-	if (launchBrowser("kfmclient openURL", url)) // kde
+	if (launchBrowser("kfmclient", url)) // kde
 		return true;
 	if (launchBrowser("exo-open", url)) // xfce
 		return true;
@@ -302,15 +305,24 @@ bool OSystem_POSIX::openUrl(const Common::String &url) {
 	return false;
 }
 
-bool OSystem_POSIX::launchBrowser(const Common::String& client, const Common::String &url) {
-	// FIXME: system's input must be heavily escaped
-	// well, when url's specified by user
-	// it's OK now (urls are hardcoded somewhere in GUI)
-	Common::String cmd = client + " " + url;
-	return (system(cmd.c_str()) != -1);
+bool OSystem_POSIX::launchBrowser(const Common::String &client, const Common::String &url) {
+	pid_t pid;
+	const char *argv[] = {
+		client.c_str(),
+		url.c_str(),
+		NULL,
+		NULL
+	};
+	if (client == "kfmclient") {
+		argv[2] = argv[1];
+		argv[1] = "openURL";
+	}
+	if (posix_spawnp(&pid, client.c_str(), NULL, NULL, const_cast<char **>(argv), environ) != 0) {
+		return false;
+	}
+	return (waitpid(pid, NULL, 0) != -1);
 }
 
-
 AudioCDManager *OSystem_POSIX::createAudioCDManager() {
 #ifdef USE_LINUXCD
 	return createLinuxAudioCDManager();


Commit: d5c6c9214fdbd68c714c9ed5ee05d494bc8e0f74
    https://github.com/scummvm/scummvm/commit/d5c6c9214fdbd68c714c9ed5ee05d494bc8e0f74
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-12-14T14:32:38-06:00

Commit Message:
POSIX: Do not hang ScummVM when opening a browser

If the call used to open the browser does not return until the
browser is closed, this would previously cause ScummVM to hang.
Since we are using waitpid now, we can avoid hanging by telling
waitpid to not block on a child which has not exited.

(cherry picked from commit 008149e3576aa8d13c6831ee0c1d25c3c23deb83)

Changed paths:
    backends/platform/sdl/posix/posix.cpp


diff --git a/backends/platform/sdl/posix/posix.cpp b/backends/platform/sdl/posix/posix.cpp
index 60f85ef..b01de2d 100644
--- a/backends/platform/sdl/posix/posix.cpp
+++ b/backends/platform/sdl/posix/posix.cpp
@@ -320,7 +320,7 @@ bool OSystem_POSIX::launchBrowser(const Common::String &client, const Common::St
 	if (posix_spawnp(&pid, client.c_str(), NULL, NULL, const_cast<char **>(argv), environ) != 0) {
 		return false;
 	}
-	return (waitpid(pid, NULL, 0) != -1);
+	return (waitpid(pid, NULL, WNOHANG) != -1);
 }
 
 AudioCDManager *OSystem_POSIX::createAudioCDManager() {





More information about the Scummvm-git-logs mailing list