Nasal security: make directory() use fgValidatePath
Being able to list arbitrary directories is a privacy violation; existing in-fgdata uses of this are all permitted paths (i.e. not Terrasync; FileSelector doesn't use it)
This commit is contained in:
Rebecca N. Palmer
parent
c72309360e
commit
74356e84f7
1 changed files with 13 additions and 2 deletions
|
|
@ -575,7 +575,18 @@ static naRef f_directory(naContext c, naRef me, int argc, naRef* args)
|
||||||
if(argc != 1 || !naIsString(args[0]))
|
if(argc != 1 || !naIsString(args[0]))
|
||||||
naRuntimeError(c, "bad arguments to directory()");
|
naRuntimeError(c, "bad arguments to directory()");
|
||||||
|
|
||||||
simgear::Dir d(SGPath(naStr_data(args[0])));
|
std::string dirname = fgValidatePath(naStr_data(args[0]), false);
|
||||||
|
if(dirname.empty()) {
|
||||||
|
SG_LOG(SG_NASAL, SG_ALERT, "directory(): listing '" <<
|
||||||
|
naStr_data(args[0]) << "' denied (unauthorized directory - authorization"
|
||||||
|
" no longer follows symlinks; to authorize reading additional "
|
||||||
|
"directories, add them to --fg-aircraft)");
|
||||||
|
naRuntimeError(c, "directory(): access denied (unauthorized directory)");
|
||||||
|
return naNil();
|
||||||
|
}
|
||||||
|
|
||||||
|
SGPath d0(dirname);
|
||||||
|
simgear::Dir d(d0);
|
||||||
if(!d.exists()) return naNil();
|
if(!d.exists()) return naNil();
|
||||||
naRef result = naNewVector(c);
|
naRef result = naNewVector(c);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue