From a3c1e806a94555d606c5f634dd9d2d19fbc0fce9 Mon Sep 17 00:00:00 2001 From: Jonathan Moore Liles Date: Mon, 15 Apr 2013 17:06:34 -0700 Subject: [PATCH] NSM: Disallow adding clients by path name. --- session-manager/src/nsmd.C | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/session-manager/src/nsmd.C b/session-manager/src/nsmd.C index f2163c1..c2fd780 100644 --- a/session-manager/src/nsmd.C +++ b/session-manager/src/nsmd.C @@ -755,7 +755,7 @@ OSC_HANDLER( add ) { if ( ! session_path ) { - osc_server->send( lo_message_get_source( msg ), path, + osc_server->send( lo_message_get_source( msg ), "/error", path, ERR_NO_SESSION_OPEN, "Cannot add to session because no session is loaded." ); @@ -763,15 +763,23 @@ OSC_HANDLER( add ) return 0; } + if ( strchr( &argv[0]->s, '/' ) ) + { + osc_server->send( lo_message_get_source( msg ), "/error", path, + ERR_LAUNCH_FAILED, + "Absolute paths are not permitted. Clients must be in $PATH" ); + return 0; + } + if ( ! launch( &argv[0]->s, NULL ) ) { - osc_server->send( lo_message_get_source( msg ), path, + osc_server->send( lo_message_get_source( msg ), "/error", path, ERR_LAUNCH_FAILED, "Failed to launch process!" ); } else { - osc_server->send( lo_message_get_source( msg ), path, + osc_server->send( lo_message_get_source( msg ), "/reply", path, ERR_OK, "Launched." ); } @@ -2263,7 +2271,7 @@ int main(int argc, char *argv[]) osc_server->add_method( "/nsm/server/duplicate", "s", OSC_NAME( duplicate ), NULL, "" ); osc_server->add_method( "/nsm/server/abort", "", OSC_NAME( abort ), NULL, "" ); osc_server->add_method( "/nsm/server/list", "", OSC_NAME( list ), NULL, "" ); - osc_server->add_method( "/nsm/server/add", "s", OSC_NAME( add ), NULL, "commandline" ); + osc_server->add_method( "/nsm/server/add", "s", OSC_NAME( add ), NULL, "executable_name" ); osc_server->add_method( "/nsm/server/new", "s", OSC_NAME( new ), NULL, "name" ); osc_server->add_method( "/nsm/server/save", "", OSC_NAME( save ), NULL, "" ); osc_server->add_method( "/nsm/server/open", "s", OSC_NAME( open ), NULL, "name" );