01: elua lib: sanitize all file paths before writing them

Daniel Kolesa Tue, 09 Jun 2015 06:04:52 -0700

q66 pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=b90c1bf90e67f1838152185dce5a270f3f824f6b


commit b90c1bf90e67f1838152185dce5a270f3f824f6b
Author: Daniel Kolesa <d.kol...@osg.samsung.com>
Date:   Tue Jun 9 14:01:25 2015 +0100

    elua lib: sanitize all file paths before writing them
    
    This will prevent random nonsense from being written in.
    
    It changes semantics slightly (documented) and also fixes
    CID 1267463.
    
    @fix
---
 src/lib/elua/Elua.h       |  8 ++++++++
 src/lib/elua/elua.c       | 48 ++++++++++++++++++++++++++++++++++++++++-------
 src/tests/elua/elua_lib.c | 26 +++++++++++++++++++------
 3 files changed, 69 insertions(+), 13 deletions(-)

diff --git a/src/lib/elua/Elua.h b/src/lib/elua/Elua.h
index d960cf5..4c0f9cb 100644
--- a/src/lib/elua/Elua.h
+++ b/src/lib/elua/Elua.h
@@ -187,6 +187,9 @@ EAPI void elua_state_free(Elua_State *es);
  * split the setting into multiple calls. By the time of state use all need
  * to be set.
  *
+ * Also, all the paths will be sanitized before setting by calling
+ * @ref eina_file_path_sanitize on them.
+ *
  * @param[in] es The Elua state.
  * @param[in] core The core path.
  * @param[in] mods The modules path.
@@ -212,6 +215,9 @@ EAPI void elua_state_dirs_set(Elua_State *es, const char 
*core,
  * they will expand to DATADIR/core, DATADIR/modules and DATADIR/apps, where
  * DATADIR is typically something like /usr/share/elua.
  *
+ * Also, all the paths will be sanitized before setting by calling
+ * @ref eina_file_path_sanitize on them.
+ *
  * @param[in] es The Elua state.
  * @param[in] ignore_env If set to EINA_TRUE, this ignores the env vars.
  *
@@ -262,6 +268,8 @@ EAPI Eina_Stringshare *elua_state_prog_name_get(const 
Elua_State *es);
 /**
  * @brief Add another path to look up modules in to the state.
  *
+ * The path will be sanitized using @ref eina_file_path_sanitize.
+ *
  * @param[in] es The Elua state.
  *
  * @ingroup Elua
diff --git a/src/lib/elua/elua.c b/src/lib/elua/elua.c
index a7c86f9..0056cf0 100644
--- a/src/lib/elua/elua.c
+++ b/src/lib/elua/elua.c
@@ -108,10 +108,29 @@ EAPI void
 elua_state_dirs_set(Elua_State *es, const char *core, const char *mods,
                     const char *apps)
 {
+   char *spath = NULL;
    EINA_SAFETY_ON_NULL_RETURN(es);
-   if (core) es->coredir = eina_stringshare_add(core);
-   if (mods) es->moddir  = eina_stringshare_add(mods);
-   if (apps) es->appsdir = eina_stringshare_add(apps);
+   if (core)
+     {
+        eina_stringshare_del(es->coredir);
+        spath = eina_file_path_sanitize(core);
+        es->coredir = eina_stringshare_add(spath);
+        free(spath);
+     }
+   if (mods)
+     {
+        eina_stringshare_del(es->moddir);
+        spath = eina_file_path_sanitize(mods);
+        es->moddir = eina_stringshare_add(spath);
+        free(spath);
+     }
+   if (apps)
+     {
+        eina_stringshare_del(es->appsdir);
+        spath = eina_file_path_sanitize(apps);
+        es->appsdir = eina_stringshare_add(spath);
+        free(spath);
+     }
 }
 
 EAPI void
@@ -128,7 +147,11 @@ elua_state_dirs_fill(Elua_State *es, Eina_Bool ignore_env)
              snprintf(coredirbuf, sizeof(coredirbuf), "%s/core",
                       eina_prefix_data_get(_elua_pfx));
           }
-        if (coredir) es->coredir = eina_stringshare_add(coredir);
+        if (coredir) {
+            char *sdir = eina_file_path_sanitize(coredir);
+            es->coredir = eina_stringshare_add(sdir);
+            free(sdir);
+        }
      }
    if (!(moddir = es->moddir))
      {
@@ -138,7 +161,11 @@ elua_state_dirs_fill(Elua_State *es, Eina_Bool ignore_env)
              snprintf(moddirbuf, sizeof(moddirbuf), "%s/modules",
                       eina_prefix_data_get(_elua_pfx));
           }
-        if (moddir) es->moddir = eina_stringshare_add(moddir);
+        if (moddir) {
+            char *sdir = eina_file_path_sanitize(moddir);
+            es->moddir = eina_stringshare_add(sdir);
+            free(sdir);
+        }
      }
    if (!(appsdir = es->appsdir))
      {
@@ -148,7 +175,11 @@ elua_state_dirs_fill(Elua_State *es, Eina_Bool ignore_env)
              snprintf(appsdirbuf, sizeof(appsdirbuf), "%s/apps",
                       eina_prefix_data_get(_elua_pfx));
           }
-        if (appsdir) es->appsdir = eina_stringshare_add(appsdir);
+        if (appsdir) {
+            char *sdir = eina_file_path_sanitize(appsdir);
+            es->appsdir = eina_stringshare_add(sdir);
+            free(sdir);
+        }
      }
 }
 
@@ -183,10 +214,13 @@ elua_state_prog_name_get(const Elua_State *es)
 EAPI void
 elua_state_include_path_add(Elua_State *es, const char *path)
 {
+   char *spath = NULL;
    EINA_SAFETY_ON_NULL_RETURN(es);
    EINA_SAFETY_ON_NULL_RETURN(path);
    EINA_SAFETY_ON_FALSE_RETURN(path[0]);
-   es->lincs = eina_list_append(es->lincs, eina_stringshare_add(path));
+   spath = eina_file_path_sanitize(path);
+   es->lincs = eina_list_append(es->lincs, eina_stringshare_add(spath));
+   free(spath);
 }
 
 EAPI Eina_Bool
diff --git a/src/tests/elua/elua_lib.c b/src/tests/elua/elua_lib.c
index bd959ca..43df108 100644
--- a/src/tests/elua/elua_lib.c
+++ b/src/tests/elua/elua_lib.c
@@ -22,6 +22,7 @@ START_TEST(elua_api)
     int quit = 0;
     cargv[0] = arg1;
     cargv[1] = arg2;
+    char *spath = NULL;
 
     fail_if(!elua_init());
 
@@ -33,18 +34,31 @@ START_TEST(elua_api)
     setenv("ELUA_MODULES_DIR", "bar", 1);
     setenv("ELUA_APPS_DIR", "baz", 1);
     elua_state_dirs_fill(st, EINA_FALSE);
-    fail_if(strcmp(elua_state_core_dir_get(st), "foo"));
-    fail_if(strcmp(elua_state_mod_dir_get(st), "bar"));
-    fail_if(strcmp(elua_state_apps_dir_get(st), "baz"));
+
+    spath = eina_file_path_sanitize("foo");
+    fail_if(strcmp(elua_state_core_dir_get(st), spath));
+    free(spath);
+    spath = eina_file_path_sanitize("bar");
+    fail_if(strcmp(elua_state_mod_dir_get(st), spath));
+    free(spath);
+    spath = eina_file_path_sanitize("baz");
+    fail_if(strcmp(elua_state_apps_dir_get(st), spath));
+    free(spath);
     unsetenv("ELUA_CORE_DIR");
     unsetenv("ELUA_MODULES_DIR");
     unsetenv("ELUA_APPS_DIR");
 
     /* now fill it properly */
     elua_state_dirs_set(st, ELUA_CORE_DIR, ELUA_MODULES_DIR, ELUA_APPS_DIR);
-    fail_if(strcmp(elua_state_core_dir_get(st), ELUA_CORE_DIR));
-    fail_if(strcmp(elua_state_mod_dir_get(st), ELUA_MODULES_DIR));
-    fail_if(strcmp(elua_state_apps_dir_get(st), ELUA_APPS_DIR));
+    spath = eina_file_path_sanitize(ELUA_CORE_DIR);
+    fail_if(strcmp(elua_state_core_dir_get(st), spath));
+    free(spath);
+    spath = eina_file_path_sanitize(ELUA_MODULES_DIR);
+    fail_if(strcmp(elua_state_mod_dir_get(st), spath));
+    free(spath);
+    spath = eina_file_path_sanitize(ELUA_APPS_DIR);
+    fail_if(strcmp(elua_state_apps_dir_get(st), spath));
+    free(spath);
 
     /* needed for later setup, but untestable alone */
     elua_state_include_path_add(st, ELUA_BINDINGS_DIR);

--

[EGIT] [core/efl] master 01/01: elua lib: sanitize all file paths before writing them

Reply via email to