diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c index 8a7b849f93..014c8d3085 100644 --- a/sway/commands/ipc.c +++ b/sway/commands/ipc.c @@ -18,8 +18,11 @@ struct cmd_results *cmd_ipc(int argc, char **argv) { return error; } - const char *program = argv[0]; + char *program = NULL; + if (!(program = resolve_path(argv[0]))) { + return NULL; + } if (config->reading && strcmp("{", argv[1]) != 0) { return cmd_results_new(CMD_INVALID, "ipc", "Expected '{' at start of IPC config definition."); @@ -32,6 +35,7 @@ struct cmd_results *cmd_ipc(int argc, char **argv) { current_policy = alloc_ipc_policy(program); list_add(config->ipc_policies, current_policy); + free(program); return cmd_results_new(CMD_BLOCK_IPC, NULL, NULL); } diff --git a/sway/security.c b/sway/security.c index e70def26f0..79ff0563c9 100644 --- a/sway/security.c +++ b/sway/security.c @@ -6,29 +6,30 @@ #include #include "sway/config.h" #include "sway/security.h" +#include "util.h" #include "log.h" -static bool validate_ipc_target(const char *name) { +static bool validate_ipc_program_target(const char *program) { struct stat sb; - if (!strcmp(name, "*")) { + if (!strcmp(program, "*")) { return true; } - if (lstat(name, &sb) == -1) { + if (lstat(program, &sb) == -1) { goto failed; } if (!S_ISREG(sb.st_mode)) { sway_log(L_ERROR, "IPC target '%s' MUST be/point at an existing regular file", - name); + program); goto failed; } if (sb.st_uid != 0) { - sway_log(L_ERROR, "IPC target '%s' MUST be owned by root", name); + sway_log(L_ERROR, "IPC target '%s' MUST be owned by root", program); goto failed; } if (sb.st_mode & S_IWOTH) { - sway_log(L_ERROR, "IPC target '%s' MUST NOT be world writable", name); + sway_log(L_ERROR, "IPC target '%s' MUST NOT be world writable", program); goto failed; } @@ -38,11 +39,10 @@ static bool validate_ipc_target(const char *name) { return false; } -struct feature_policy *alloc_feature_policy(const char *name) { +struct feature_policy *alloc_feature_policy(const char *program) { uint32_t default_policy = 0; - char *program = NULL; - if (!validate_ipc_target(name)) { + if (!validate_ipc_program_target(program)) { return NULL; } for (int i = 0; i < config->feature_policies->length; ++i) { @@ -62,20 +62,17 @@ struct feature_policy *alloc_feature_policy(const char *name) { goto failed; } policy->features = default_policy; - free(program); return policy; failed: - free(program); free(policy); return NULL; } -struct ipc_policy *alloc_ipc_policy(const char *name) { +struct ipc_policy *alloc_ipc_policy(const char *program) { uint32_t default_policy = 0; - char *program = NULL; - if (!validate_ipc_target(name)) { + if (!validate_ipc_program_target(program)) { return NULL; } for (int i = 0; i < config->ipc_policies->length; ++i) { @@ -95,11 +92,9 @@ struct ipc_policy *alloc_ipc_policy(const char *name) { goto failed; } policy->features = default_policy; - free(program); return policy; failed: - free(program); free(policy); return NULL; } @@ -148,20 +143,26 @@ static const char *get_pid_exe(pid_t pid) { struct feature_policy *get_feature_policy(const char *name) { struct feature_policy *policy = NULL; + char *program = NULL; + + if (!(program = resolve_path (name))) { + sway_abort ("Unable to allocate security policy"); + } for (int i = 0; i < config->feature_policies->length; ++i) { struct feature_policy *p = config->feature_policies->items[i]; - if (strcmp (p->program, name) == 0) { + if (strcmp (p->program, program) == 0) { policy = p; break; } } if (!policy) { - policy = alloc_feature_policy (name); + policy = alloc_feature_policy (program); if (!policy) { sway_abort ("Unable to allocate security policy"); } list_add (config->feature_policies, policy); } + free(program); return policy; }