fly/flightgear
1
0
Fork 0
Code Activity

Nasal security: don't break file dialogs

Browse source 
Include the directory itself when allowing reading
Don't kill the script on a denied directory read
This commit is contained in:
Rebecca N. Palmer 2016-02-09 23:17:41 +00:00
parent 74356e84f7
commit f749953493
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/Main/util.cxx
View file

@ -101,6 +101,8 @@ void fgInitAllowedPaths()
#endif
read_allowed_paths.push_back(fg_root + sep + "*");
read_allowed_paths.push_back(fg_home + sep + "*");
read_allowed_paths.push_back(fg_root);
read_allowed_paths.push_back(fg_home);
string_list const aircraft_paths = globals->get_aircraft_paths();
string_list const scenery_paths = globals->get_secure_fg_scenery();
// not plain fg_scenery, to avoid making
@ -124,6 +126,7 @@ void fgInitAllowedPaths()
exit(-1);
}
read_allowed_paths.push_back(SGPath(*it).realpath() + sep + "*");
read_allowed_paths.push_back(SGPath(*it).realpath());
}
}

2
src/Scripting/NasalSys.cxx
View file

@ -581,7 +581,7 @@ static naRef f_directory(naContext c, naRef me, int argc, naRef* args)
naStr_data(args[0]) << "' denied (unauthorized directory - authorization"
" no longer follows symlinks; to authorize reading additional "
"directories, add them to --fg-aircraft)");
naRuntimeError(c, "directory(): access denied (unauthorized directory)");
// to avoid breaking dialogs, pretend it doesn't exist rather than erroring out
return naNil();
}