From 74356e84f70c7c6504fd6711b8e3272184c6ad56 Mon Sep 17 00:00:00 2001
From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
Date: Sat, 6 Feb 2016 21:26:05 +0000
Subject: [PATCH] Nasal security: make directory() use fgValidatePath

Being able to list arbitrary directories is a privacy violation;
existing in-fgdata uses of this are all permitted paths
(i.e. not Terrasync; FileSelector doesn't use it)
---
 src/Scripting/NasalSys.cxx | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/Scripting/NasalSys.cxx b/src/Scripting/NasalSys.cxx
index 1a320d567..dcd996540 100644
--- a/src/Scripting/NasalSys.cxx
+++ b/src/Scripting/NasalSys.cxx
@@ -574,8 +574,19 @@ static naRef f_directory(naContext c, naRef me, int argc, naRef* args)
 {
     if(argc != 1 || !naIsString(args[0]))
         naRuntimeError(c, "bad arguments to directory()");
-    
-    simgear::Dir d(SGPath(naStr_data(args[0])));
+
+    std::string dirname = fgValidatePath(naStr_data(args[0]), false);
+    if(dirname.empty()) {
+        SG_LOG(SG_NASAL, SG_ALERT, "directory(): listing '" <<
+        naStr_data(args[0]) << "' denied (unauthorized directory - authorization"
+        " no longer follows symlinks; to authorize reading additional "
+        "directories, add them to --fg-aircraft)");
+        naRuntimeError(c, "directory(): access denied (unauthorized directory)");
+        return naNil();
+    }
+
+    SGPath d0(dirname);
+    simgear::Dir d(d0);
     if(!d.exists()) return naNil();
     naRef result = naNewVector(c);
 
-- 
2.39.5