authorSebastien Helleu <flashcode@flashtux.org>2012-11-18 10:38:30 +0100
committerSebastien Helleu <flashcode@flashtux.org>2012-11-18 10:38:30 +0100
commitefb795c74fe954b9544074aafcebb1be4452b03a (patch)
treead48e01d3a394f2e981f9534585b050e3b5889cc /src/core/wee-hook.c
parentc1389f8fe19068790d29e39c3f94b71b8c33ea03 (diff)
core: do not call shell to execute command in hook_process (fix security problem when a plugin/script gives untrusted command) (bug #37764)
Diffstat (limited to 'src/core/wee-hook.c')
-rw-r--r--src/core/wee-hook.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/src/core/wee-hook.c b/src/core/wee-hook.c
index d2d77da31..5e708d0d6 100644
--- a/src/core/wee-hook.c
+++ b/src/core/wee-hook.c
@@ -1388,9 +1388,9 @@ hook_process (struct t_weechat_plugin *plugin,
void
hook_process_child (struct t_hook *hook_process)
{
- char *exec_args[4] = { "sh", "-c", NULL, NULL };
+ char **exec_args;
const char *ptr_url;
- int rc;
+ int rc, i;
/*
* close stdin, so that process will fail to read stdin (process reading
@@ -1429,10 +1429,24 @@ hook_process_child (struct t_hook *hook_process)
else
{
/* launch command */
- exec_args[2] = HOOK_PROCESS(hook_process, command);
- execvp (exec_args[0], exec_args);
+ exec_args = string_split_shell (HOOK_PROCESS(hook_process, command));
+ if (exec_args)
+ {
+ if (weechat_debug_core >= 1)
+ {
+ log_printf ("hook_process, command='%s'",
+ HOOK_PROCESS(hook_process, command));
+ for (i = 0; exec_args[i]; i++)
+ {
+ log_printf (" args[%02d] == '%s'", i, exec_args[i]);
+ }
+ }
+ execvp (exec_args[0], exec_args);
+ }
/* should not be executed if execvp was ok */
+ if (exec_args)
+ string_free_split (exec_args);
fprintf (stderr, "Error with command '%s'\n",
HOOK_PROCESS(hook_process, command));
rc = EXIT_FAILURE;
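Review bot: The `if (exec_args)` guard before `execvp` does not cover an empty argument vector: if `string_split_shell` can return a non-NULL array whose first element is NULL (for an empty or whitespace-only command; its behaviour is not visible here), `execvp (exec_args[0], exec_args)` is called with a NULL file name. I would tighten the guard to `if (exec_args && exec_args[0])`. Separately, dropping `sh -c` removes shell metacharacter expansion, but the command is still a single string that gets tokenised, so whitespace or quotes in untrusted text that a script interpolates can still add arguments or options; a comment above the split such as `/* no shell is involved, but untrusted text interpolated into command can still inject arguments */` would make that limit explicit. The debug branch also writes the full command and every argument to the log, which may include credentials passed on the command line. hook_process_child starts before and continues after this hunk.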