author | Sebastien Helleu <flashcode@flashtux.org> | 2012-11-18 10:38:30 +0100 |
---|---|---|
committer | Sebastien Helleu <flashcode@flashtux.org> | 2012-11-18 10:38:30 +0100 |
commit | efb795c74fe954b9544074aafcebb1be4452b03a (patch) | |
tree | ad48e01d3a394f2e981f9534585b050e3b5889cc /src/core/wee-hook.c | |
parent | c1389f8fe19068790d29e39c3f94b71b8c33ea03 (diff) | |
core: do not call shell to execute command in hook_process (fix security problem when a plugin/script gives untrusted command) (bug #37764)
Diffstat (limited to 'src/core/wee-hook.c')
-rw-r--r-- | src/core/wee-hook.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/core/wee-hook.c b/src/core/wee-hook.c
index d2d77da31..5e708d0d6 100644
--- a/src/core/wee-hook.c
+++ b/src/core/wee-hook.c
@@ -1388,9 +1388,9 @@ hook_process (struct t_weechat_plugin *plugin,
 void
 hook_process_child (struct t_hook *hook_process)
 {
- char *exec_args[4] = { "sh", "-c", NULL, NULL };
+ char **exec_args;
 const char *ptr_url;
- int rc;
+ int rc, i;
 
 /*
 * close stdin, so that process will fail to read stdin (process reading
@@ -1429,10 +1429,24 @@ hook_process_child (struct t_hook *hook_process)
 else
 {
 /* launch command */
- exec_args[2] = HOOK_PROCESS(hook_process, command);
- execvp (exec_args[0], exec_args);
+ exec_args = string_split_shell (HOOK_PROCESS(hook_process, command));
+ if (exec_args)
+ {
+ if (weechat_debug_core >= 1)
+ {
+ log_printf ("hook_process, command='%s'",
+ HOOK_PROCESS(hook_process, command));
+ for (i = 0; exec_args[i]; i++)
+ {
+ log_printf (" args[%02d] == '%s'", i, exec_args[i]);
+ }
+ }
+ execvp (exec_args[0], exec_args);
+ }
 
 /* should not be executed if execvp was ok */
+ if (exec_args)
+ string_free_split (exec_args);
 fprintf (stderr, "Error with command '%s'\n",
 HOOK_PROCESS(hook_process, command));
 rc = EXIT_FAILURE; |
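Review bot: `execvp (exec_args[0], exec_args)` in the second hunk runs whenever `string_split_shell` returns a non-NULL array, so an empty or whitespace-only command could hand `execvp` a NULL file name if the splitter can return an array with no elements (its body is not visible here); guarding with `if (exec_args && exec_args[0])` closes that case. Dropping `sh -c` removes shell metacharacter interpretation, but the command is still a single string that is split only after the plugin or script has assembled it, so untrusted data interpolated into it can still surface as extra arguments or options; a comment on this branch should say so, e.g. `/* no shell: command is split into argv; callers must still validate or quote untrusted values */`. The debug branch also writes the full command and every argument through `log_printf`, which matters if commands can carry credentials. The enclosing `else` block and `hook_process_child` itself continue past the end of the hunk.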