authorJonathon Jongsma <jjongsma@redhat.com>2017-10-25 10:33:11 -0500
committerJonathon Jongsma <jjongsma@redhat.com>2017-11-16 11:14:41 -0600
commit8ba174816d245757e743e636df357910e1d5eb61 (patch)
tree03f447728dcebf298d07ec499bcb79c198b1b1cb
parente5bfb1be15fce334a38268daa8d5f7765b680209 (diff)
Quote the save directory before passing to shell
Thanks to a report from Seth Arnold <seth.arnold@canonial.com>: - vdagent_file_xfers_data() does not escape xfers->save_dir before giving it to the shell - vdagent_file_xfers_data() does not check snprintf() return code; a too-long xfers->save_dir could cause the & or ' or any number of other characters to go missing. To fix these issues, we use g_spawn_async(). This avoids the need to quote the filename and also avoids the snprintf issue. In the case that the spawn fails, we also print a warning to the syslog now. Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Acked-by: Frediano Ziglio <fziglio@redhat.com>
-rw-r--r--src/vdagent/file-xfers.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/vdagent/file-xfers.c b/src/vdagent/file-xfers.c
index 4d76003..6461d05 100644
--- a/src/vdagent/file-xfers.c
+++ b/src/vdagent/file-xfers.c
@@ -336,9 +336,16 @@ void vdagent_file_xfers_data(struct vdagent_file_xfers *xfers,
if (xfers->open_save_dir &&
task->file_xfer_nr == task->file_xfer_total &&
g_hash_table_size(xfers->xfers) == 1) {
- char buf[PATH_MAX];
- snprintf(buf, PATH_MAX, "xdg-open '%s'&", xfers->save_dir);
- status = system(buf);
+ GError *error = NULL;
+ gchar *argv[] = { "xdg-open", xfers->save_dir, NULL };
+ if (!g_spawn_async(NULL, argv, NULL,
+ G_SPAWN_SEARCH_PATH,
+ NULL, NULL, NULL, &error)) {
+ syslog(LOG_WARNING,
+ "file-xfer: failed to open save directory: %s",
+ error->message);
+ g_error_free(error);
+ }
}
status = VD_AGENT_FILE_XFER_STATUS_SUCCESS;
} else {
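Review bot: The added `gchar *argv[] = { "xdg-open", xfers->save_dir, NULL };` line still hands `xfers->save_dir` to xdg-open as a bare argument, so a value beginning with `-` would be parsed as an option rather than a path; removing the shell does not remove argument parsing in the child. Where save_dir is set is not visible in this hunk, so unless it is already guaranteed to be absolute, add `g_path_is_absolute(xfers->save_dir) &&` to the enclosing `if` condition. The new syslog warning fires only when the spawn itself fails, and a non-zero exit from xdg-open stays silent, which deserves a comment such as `/* async spawn: only exec failure is reported, not xdg-open's exit status */`. The body of vdagent_file_xfers_data starts and ends outside the hunk.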