Nasal security: make directory() use fgValidatePath
Being able to list arbitrary directories is a privacy violation; existing in-fgdata uses of this are all permitted paths (i.e. not Terrasync; FileSelector doesn't use it)
This commit is contained in:
Rebecca N. Palmer
parent
c72309360e
commit
74356e84f7
1 changed files with 13 additions and 2 deletions
|
|
@ -574,8 +574,19 @@ static naRef f_directory(naContext c, naRef me, int argc, naRef* args)
|
|||
{
|
||||
if(argc != 1 || !naIsString(args[0]))
|
||||
naRuntimeError(c, "bad arguments to directory()");
|
||||
|
||||
simgear::Dir d(SGPath(naStr_data(args[0])));
|
||||
|
||||
std::string dirname = fgValidatePath(naStr_data(args[0]), false);
|
||||
if(dirname.empty()) {
|
||||
SG_LOG(SG_NASAL, SG_ALERT, "directory(): listing '" <<
|
||||
naStr_data(args[0]) << "' denied (unauthorized directory - authorization"
|
||||
" no longer follows symlinks; to authorize reading additional "
|
||||
"directories, add them to --fg-aircraft)");
|
||||
naRuntimeError(c, "directory(): access denied (unauthorized directory)");
|
||||
return naNil();
|
||||
}
|
||||
|
||||
SGPath d0(dirname);
|
||||
simgear::Dir d(d0);
|
||||
if(!d.exists()) return naNil();
|
||||
naRef result = naNewVector(c);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue