From: Bastien Nocera <hadess@xxxxxxxxxx>
Instead of trying to do it by hand. This also makes sure that
relative paths aren't used by the agent.
[Emil Velikov]
Originally this patch was posted in 2013, but deferred since bluez was
planning to move away from glib. Presently there's no obvious action
towards that goal, so I think we can safely land this.
As mentioned by the author, current code allows for relative paths and
considering that obexd service runs without meaningful sandboxing and on
some distributions it is ran as root, we should plug the whole before
anyone (ab)uses it.
---
obexd/src/manager.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/obexd/src/manager.c b/obexd/src/manager.c
index 73fd6b9af..cc1de7ae2 100644
--- a/obexd/src/manager.c
+++ b/obexd/src/manager.c
@@ -644,18 +644,13 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID)) {
/* Splits folder and name */
- const char *slash = strrchr(name, '/');
+ gboolean is_relative = !g_path_is_absolute(name);
DBG("Agent replied with %s", name);
- if (!slash) {
- agent->new_name = g_strdup(name);
+ agent->new_name = g_path_get_basename(name);
+ if (is_relative)
agent->new_folder = NULL;
- } else {
- if (strlen(slash) == 1)
- agent->new_name = NULL;
- else
- agent->new_name = g_strdup(slash + 1);
- agent->new_folder = g_strndup(name, slash - name);
- }
+ else
+ agent->new_folder = g_path_get_dirname(name);
}
dbus_message_unref(reply);
--
2.43.0
