fix arbitrary command injection in the Unix version of PlatformOpenIn…

…ShellFn_DefaultImpl + Enable on non-iPhone macOS builds
ocornut · Jul 6, 2024 · b090e75 · b090e75
1 parent 2d0baaa
commit b090e75
Showing 1 changed file with 19 additions and 6 deletions.
diff --git a/imgui.cpp b/imgui.cpp
@@ -14353,7 +14353,7 @@ static void SetClipboardTextFn_DefaultImpl(void* user_data_ctx, const char* text
 
 //-----------------------------------------------------------------------------
 
-#if defined(__APPLE__) && defined(TARGET_OS_IPHONE) && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
+#if defined(__APPLE__) && TARGET_OS_IPHONE && !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
 #define IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS
 #endif
 
@@ -14367,16 +14367,29 @@ static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char* path)
     return (INT_PTR)::ShellExecuteA(NULL, "open", path, NULL, NULL, SW_SHOWDEFAULT) > 32;
 }
 #elif !defined(IMGUI_DISABLE_DEFAULT_SHELL_FUNCTIONS)
+#include <sys/wait.h>
+#include <unistd.h>
 static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char* path)
 {
 #if __APPLE__
-    const char* open_executable = "open";
+    const char* args[] { "open", "--", path, NULL };
 #else
-    const char* open_executable = "xdg-open";
+    const char* args[] { "xdg-open", path, NULL };
 #endif
-    ImGuiTextBuffer buf;
-    buf.appendf("%s \"%s\"", open_executable, path);
-    return system(buf.c_str()) != -1;
+    pid_t pid = fork();
+    if (pid < 0)
+        return false;
+    else if (!pid)
+    {
+        execvp(args[0], const_cast<char **>(args));
+        exit(-1);
+    }
+    else
+    {
+        int status;
+        waitpid(pid, &status, 0);
+        return status == 0;
+    }
 }
 #else
 static bool PlatformOpenInShellFn_DefaultImpl(ImGuiContext*, const char*) { return false; }