From 71f88120e6c55ed2cc5680483d96fcc1ea65e49f Mon Sep 17 00:00:00 2001
From: cfillion
Date: Sat, 6 Jul 2024 04:12:46 -0400
Subject: [PATCH] fix arbitrary command injection in the Unix version of PlatformOpenInShellFn_DefaultImpl + Enable on non-iPhone macOS builds
---
 imgui.cpp | 37 +++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)
diff --git a/imgui.cpp b/imgui.cpp
index cdb7d2a1eab1..f3fb6487a9d0 100644
--- a/imgui.cpp
+++ b/imgui.cpp
@@ -14353,11 +14353,18 @@ static void SetClipboardTextFn_DefaultImpl(void* user_data_ctx, const char* text
 //-----------------------------------------------------------------------------
-#if defined(__APPLE__) && defined(TARGET_OS_IPHONE) && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
+#ifndef IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
+#if defined(__APPLE__) && TARGET_OS_IPHONE
 #define IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
 #endif
-#if defined(_WIN32) && !defined(IMGUI_DISABLE_WIN32_FUNCTIONS) && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
+#if defined(_WIN32) && defined(IMGUI_DISABLE_WIN32_FUNCTIONS)
+#define IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
+#endif
+#endif
+
+#ifndef IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
+#ifdef _WIN32
 #include // ShellExecuteA()
 #ifdef _MSC_VER
 #pragma comment(lib, "shell32")
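Review bot: The new test `#if defined(__APPLE__) && TARGET_OS_IPHONE` depends on `TARGET_OS_IPHONE` having been defined by `<TargetConditionals.h>`, and no include of that header is visible in this hunk. If it is not included earlier in imgui.cpp, the undefined macro evaluates to 0 inside `#if`, iOS builds are no longer excluded, and the fork/execvp implementation added further down is compiled for them. Putting `#include <TargetConditionals.h>` under `#ifdef __APPLE__` directly before this test would make the exclusion independent of include order. A short comment such as `// TARGET_OS_IPHONE is defined as 0 on macOS: test its value, not defined()` would also record why the old `defined(TARGET_OS_IPHONE)` form was dropped.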
@@ -14366,18 +14373,32 @@ static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char* path)
 {
 return (INT_PTR)::ShellExecuteA(NULL, "open", path, NULL, NULL, SW_SHOWDEFAULT) > 32;
 }
-#elif !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
+#else
+#include
+#include
 static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char* path)
 {
 #if __APPLE__
- const char* open_executable = "open";
+ const char* args[] { "open", "--", path, NULL };
 #else
- const char* open_executable = "xdg-open";
+ const char* args[] { "xdg-open", path, NULL };
 #endif
- ImGuiTextBuffer buf;
- buf.appendf("%s \"%s\"", open_executable, path);
- return system(buf.c_str()) != -1;
+ pid_t pid = fork();
+ if (pid < 0)
+ return false;
+ else if (!pid)
+ {
+ execvp(args[0], const_cast(args));
+ exit(-1);
+ }
+ else
+ {
+ int status;
+ waitpid(pid, &status, 0);
+ return WEXITSTATUS(status) == 0;
+ }
 }
+#endif
 #else
 static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char*) { return false; }
 #endif // Default shell handlers
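Review bot: In the parent branch, `WEXITSTATUS(status)` is read without checking the return value of `waitpid` or `WIFEXITED(status)`, so a failed or interrupted wait reads an uninitialized `status`, and a child terminated by a signal can be reported as success. Using `if (waitpid(pid, &status, 0) < 0) return false;` followed by `return WIFEXITED(status) && WEXITSTATUS(status) == 0;` closes both cases. In the child, `exit(-1)` after a failed `execvp` runs the atexit handlers inherited from the parent and flushes the copied stdio buffers a second time; `_exit(127);` avoids that. The argv array removes the shell, but on the non-Apple branch `path` still reaches `xdg-open` with no option terminator, so a value beginning with `-` is parsed as an option rather than a file. Rejecting such values, or prefixing relative paths with `./` before the call, would cover that remaining case.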