diff options
| author | Daniel Kolesa <d.kolesa@osg.samsung.com> | 2015-06-09 14:01:25 +0100 |
|---|---|---|
| committer | Daniel Kolesa <d.kolesa@osg.samsung.com> | 2015-06-09 14:01:25 +0100 |
| commit | b90c1bf90e67f1838152185dce5a270f3f824f6b (patch) | |
| tree | 0255638c4cc55bb616076c3d72b616c875602bc4 /src | |
| parent | 6692319c7873e0fbb797f01bc2ca41c2d12824b4 (diff) | |
elua lib: sanitize all file paths before writing them
This will prevent random nonsense from being written in.
It changes semantics slightly (documented) and also fixes
CID 1267463.
@fix
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/elua/Elua.h | 8 | ||||
| -rw-r--r-- | src/lib/elua/elua.c | 48 | ||||
| -rw-r--r-- | src/tests/elua/elua_lib.c | 26 |
3 files changed, 69 insertions, 13 deletions
diff --git a/src/lib/elua/Elua.h b/src/lib/elua/Elua.h index d960cf5f4c..4c0f9cb3c5 100644 --- a/src/lib/elua/Elua.h +++ b/src/lib/elua/Elua.h | |||
| @@ -187,6 +187,9 @@ EAPI void elua_state_free(Elua_State *es); | |||
| 187 | * split the setting into multiple calls. By the time of state use all need | 187 | * split the setting into multiple calls. By the time of state use all need |
| 188 | * to be set. | 188 | * to be set. |
| 189 | * | 189 | * |
| 190 | * Also, all the paths will be sanitized before setting by calling | ||
| 191 | * @ref eina_file_path_sanitize on them. | ||
| 192 | * | ||
| 190 | * @param[in] es The Elua state. | 193 | * @param[in] es The Elua state. |
| 191 | * @param[in] core The core path. | 194 | * @param[in] core The core path. |
| 192 | * @param[in] mods The modules path. | 195 | * @param[in] mods The modules path. |
| @@ -212,6 +215,9 @@ EAPI void elua_state_dirs_set(Elua_State *es, const char *core, | |||
| 212 | * they will expand to DATADIR/core, DATADIR/modules and DATADIR/apps, where | 215 | * they will expand to DATADIR/core, DATADIR/modules and DATADIR/apps, where |
| 213 | * DATADIR is typically something like /usr/share/elua. | 216 | * DATADIR is typically something like /usr/share/elua. |
| 214 | * | 217 | * |
| 218 | * Also, all the paths will be sanitized before setting by calling | ||
| 219 | * @ref eina_file_path_sanitize on them. | ||
| 220 | * | ||
| 215 | * @param[in] es The Elua state. | 221 | * @param[in] es The Elua state. |
| 216 | * @param[in] ignore_env If set to EINA_TRUE, this ignores the env vars. | 222 | * @param[in] ignore_env If set to EINA_TRUE, this ignores the env vars. |
| 217 | * | 223 | * |
| @@ -262,6 +268,8 @@ EAPI Eina_Stringshare *elua_state_prog_name_get(const Elua_State *es); | |||
| 262 | /** | 268 | /** |
| 263 | * @brief Add another path to look up modules in to the state. | 269 | * @brief Add another path to look up modules in to the state. |
| 264 | * | 270 | * |
| 271 | * The path will be sanitized using @ref eina_file_path_sanitize. | ||
| 272 | * | ||
| 265 | * @param[in] es The Elua state. | 273 | * @param[in] es The Elua state. |
| 266 | * | 274 | * |
| 267 | * @ingroup Elua | 275 | * @ingroup Elua |
diff --git a/src/lib/elua/elua.c b/src/lib/elua/elua.c index a7c86f9a91..0056cf0080 100644 --- a/src/lib/elua/elua.c +++ b/src/lib/elua/elua.c | |||
| @@ -108,10 +108,29 @@ EAPI void | |||
| 108 | elua_state_dirs_set(Elua_State *es, const char *core, const char *mods, | 108 | elua_state_dirs_set(Elua_State *es, const char *core, const char *mods, |
| 109 | const char *apps) | 109 | const char *apps) |
| 110 | { | 110 | { |
| 111 | char *spath = NULL; | ||
| 111 | EINA_SAFETY_ON_NULL_RETURN(es); | 112 | EINA_SAFETY_ON_NULL_RETURN(es); |
| 112 | if (core) es->coredir = eina_stringshare_add(core); | 113 | if (core) |
| 113 | if (mods) es->moddir = eina_stringshare_add(mods); | 114 | { |
| 114 | if (apps) es->appsdir = eina_stringshare_add(apps); | 115 | eina_stringshare_del(es->coredir); |
| 116 | spath = eina_file_path_sanitize(core); | ||
| 117 | es->coredir = eina_stringshare_add(spath); | ||
| 118 | free(spath); | ||
| 119 | } | ||
| 120 | if (mods) | ||
| 121 | { | ||
| 122 | eina_stringshare_del(es->moddir); | ||
| 123 | spath = eina_file_path_sanitize(mods); | ||
| 124 | es->moddir = eina_stringshare_add(spath); | ||
| 125 | free(spath); | ||
| 126 | } | ||
| 127 | if (apps) | ||
| 128 | { | ||
| 129 | eina_stringshare_del(es->appsdir); | ||
| 130 | spath = eina_file_path_sanitize(apps); | ||
| 131 | es->appsdir = eina_stringshare_add(spath); | ||
| 132 | free(spath); | ||
| 133 | } | ||
| 115 | } | 134 | } |
| 116 | 135 | ||
| 117 | EAPI void | 136 | EAPI void |
| @@ -128,7 +147,11 @@ elua_state_dirs_fill(Elua_State *es, Eina_Bool ignore_env) | |||
| 128 | snprintf(coredirbuf, sizeof(coredirbuf), "%s/core", | 147 | snprintf(coredirbuf, sizeof(coredirbuf), "%s/core", |
| 129 | eina_prefix_data_get(_elua_pfx)); | 148 | eina_prefix_data_get(_elua_pfx)); |
| 130 | } | 149 | } |
| 131 | if (coredir) es->coredir = eina_stringshare_add(coredir); | 150 | if (coredir) { |
| 151 | char *sdir = eina_file_path_sanitize(coredir); | ||
| 152 | es->coredir = eina_stringshare_add(sdir); | ||
| 153 | free(sdir); | ||
| 154 | } | ||
| 132 | } | 155 | } |
| 133 | if (!(moddir = es->moddir)) | 156 | if (!(moddir = es->moddir)) |
| 134 | { | 157 | { |
| @@ -138,7 +161,11 @@ elua_state_dirs_fill(Elua_State *es, Eina_Bool ignore_env) | |||
| 138 | snprintf(moddirbuf, sizeof(moddirbuf), "%s/modules", | 161 | snprintf(moddirbuf, sizeof(moddirbuf), "%s/modules", |
| 139 | eina_prefix_data_get(_elua_pfx)); | 162 | eina_prefix_data_get(_elua_pfx)); |
| 140 | } | 163 | } |
| 141 | if (moddir) es->moddir = eina_stringshare_add(moddir); | 164 | if (moddir) { |
| 165 | char *sdir = eina_file_path_sanitize(moddir); | ||
| 166 | es->moddir = eina_stringshare_add(sdir); | ||
| 167 | free(sdir); | ||
| 168 | } | ||
| 142 | } | 169 | } |
| 143 | if (!(appsdir = es->appsdir)) | 170 | if (!(appsdir = es->appsdir)) |
| 144 | { | 171 | { |
| @@ -148,7 +175,11 @@ elua_state_dirs_fill(Elua_State *es, Eina_Bool ignore_env) | |||
| 148 | snprintf(appsdirbuf, sizeof(appsdirbuf), "%s/apps", | 175 | snprintf(appsdirbuf, sizeof(appsdirbuf), "%s/apps", |
| 149 | eina_prefix_data_get(_elua_pfx)); | 176 | eina_prefix_data_get(_elua_pfx)); |
| 150 | } | 177 | } |
| 151 | if (appsdir) es->appsdir = eina_stringshare_add(appsdir); | 178 | if (appsdir) { |
| 179 | char *sdir = eina_file_path_sanitize(appsdir); | ||
| 180 | es->appsdir = eina_stringshare_add(sdir); | ||
| 181 | free(sdir); | ||
| 182 | } | ||
| 152 | } | 183 | } |
| 153 | } | 184 | } |
| 154 | 185 | ||
| @@ -183,10 +214,13 @@ elua_state_prog_name_get(const Elua_State *es) | |||
| 183 | EAPI void | 214 | EAPI void |
| 184 | elua_state_include_path_add(Elua_State *es, const char *path) | 215 | elua_state_include_path_add(Elua_State *es, const char *path) |
| 185 | { | 216 | { |
| 217 | char *spath = NULL; | ||
| 186 | EINA_SAFETY_ON_NULL_RETURN(es); | 218 | EINA_SAFETY_ON_NULL_RETURN(es); |
| 187 | EINA_SAFETY_ON_NULL_RETURN(path); | 219 | EINA_SAFETY_ON_NULL_RETURN(path); |
| 188 | EINA_SAFETY_ON_FALSE_RETURN(path[0]); | 220 | EINA_SAFETY_ON_FALSE_RETURN(path[0]); |
| 189 | es->lincs = eina_list_append(es->lincs, eina_stringshare_add(path)); | 221 | spath = eina_file_path_sanitize(path); |
| 222 | es->lincs = eina_list_append(es->lincs, eina_stringshare_add(spath)); | ||
| 223 | free(spath); | ||
| 190 | } | 224 | } |
| 191 | 225 | ||
| 192 | EAPI Eina_Bool | 226 | EAPI Eina_Bool |
diff --git a/src/tests/elua/elua_lib.c b/src/tests/elua/elua_lib.c index bd959ca7b1..43df108113 100644 --- a/src/tests/elua/elua_lib.c +++ b/src/tests/elua/elua_lib.c | |||
| @@ -22,6 +22,7 @@ START_TEST(elua_api) | |||
| 22 | int quit = 0; | 22 | int quit = 0; |
| 23 | cargv[0] = arg1; | 23 | cargv[0] = arg1; |
| 24 | cargv[1] = arg2; | 24 | cargv[1] = arg2; |
| 25 | char *spath = NULL; | ||
| 25 | 26 | ||
| 26 | fail_if(!elua_init()); | 27 | fail_if(!elua_init()); |
| 27 | 28 | ||
| @@ -33,18 +34,31 @@ START_TEST(elua_api) | |||
| 33 | setenv("ELUA_MODULES_DIR", "bar", 1); | 34 | setenv("ELUA_MODULES_DIR", "bar", 1); |
| 34 | setenv("ELUA_APPS_DIR", "baz", 1); | 35 | setenv("ELUA_APPS_DIR", "baz", 1); |
| 35 | elua_state_dirs_fill(st, EINA_FALSE); | 36 | elua_state_dirs_fill(st, EINA_FALSE); |
| 36 | fail_if(strcmp(elua_state_core_dir_get(st), "foo")); | 37 | |
| 37 | fail_if(strcmp(elua_state_mod_dir_get(st), "bar")); | 38 | spath = eina_file_path_sanitize("foo"); |
| 38 | fail_if(strcmp(elua_state_apps_dir_get(st), "baz")); | 39 | fail_if(strcmp(elua_state_core_dir_get(st), spath)); |
| 40 | free(spath); | ||
| 41 | spath = eina_file_path_sanitize("bar"); | ||
| 42 | fail_if(strcmp(elua_state_mod_dir_get(st), spath)); | ||
| 43 | free(spath); | ||
| 44 | spath = eina_file_path_sanitize("baz"); | ||
| 45 | fail_if(strcmp(elua_state_apps_dir_get(st), spath)); | ||
| 46 | free(spath); | ||
| 39 | unsetenv("ELUA_CORE_DIR"); | 47 | unsetenv("ELUA_CORE_DIR"); |
| 40 | unsetenv("ELUA_MODULES_DIR"); | 48 | unsetenv("ELUA_MODULES_DIR"); |
| 41 | unsetenv("ELUA_APPS_DIR"); | 49 | unsetenv("ELUA_APPS_DIR"); |
| 42 | 50 | ||
| 43 | /* now fill it properly */ | 51 | /* now fill it properly */ |
| 44 | elua_state_dirs_set(st, ELUA_CORE_DIR, ELUA_MODULES_DIR, ELUA_APPS_DIR); | 52 | elua_state_dirs_set(st, ELUA_CORE_DIR, ELUA_MODULES_DIR, ELUA_APPS_DIR); |
| 45 | fail_if(strcmp(elua_state_core_dir_get(st), ELUA_CORE_DIR)); | 53 | spath = eina_file_path_sanitize(ELUA_CORE_DIR); |
| 46 | fail_if(strcmp(elua_state_mod_dir_get(st), ELUA_MODULES_DIR)); | 54 | fail_if(strcmp(elua_state_core_dir_get(st), spath)); |
| 47 | fail_if(strcmp(elua_state_apps_dir_get(st), ELUA_APPS_DIR)); | 55 | free(spath); |
| 56 | spath = eina_file_path_sanitize(ELUA_MODULES_DIR); | ||
| 57 | fail_if(strcmp(elua_state_mod_dir_get(st), spath)); | ||
| 58 | free(spath); | ||
| 59 | spath = eina_file_path_sanitize(ELUA_APPS_DIR); | ||
| 60 | fail_if(strcmp(elua_state_apps_dir_get(st), spath)); | ||
| 61 | free(spath); | ||
| 48 | 62 | ||
| 49 | /* needed for later setup, but untestable alone */ | 63 | /* needed for later setup, but untestable alone */ |
| 50 | elua_state_include_path_add(st, ELUA_BINDINGS_DIR); | 64 | elua_state_include_path_add(st, ELUA_BINDINGS_DIR); |