From f749953493dc03c3dd461ca4c4e6dcdb09dad191 Mon Sep 17 00:00:00 2001 From: "Rebecca N. Palmer" Date: Tue, 9 Feb 2016 23:17:41 +0000 Subject: [PATCH] Nasal security: don't break file dialogs Include the directory itself when allowing reading Don't kill the script on a denied directory read --- src/Main/util.cxx | 3 +++ src/Scripting/NasalSys.cxx | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Main/util.cxx b/src/Main/util.cxx index 523893b5b..cfc12cb5f 100644 --- a/src/Main/util.cxx +++ b/src/Main/util.cxx @@ -101,6 +101,8 @@ void fgInitAllowedPaths() #endif read_allowed_paths.push_back(fg_root + sep + "*"); read_allowed_paths.push_back(fg_home + sep + "*"); + read_allowed_paths.push_back(fg_root); + read_allowed_paths.push_back(fg_home); string_list const aircraft_paths = globals->get_aircraft_paths(); string_list const scenery_paths = globals->get_secure_fg_scenery(); // not plain fg_scenery, to avoid making @@ -124,6 +126,7 @@ void fgInitAllowedPaths() exit(-1); } read_allowed_paths.push_back(SGPath(*it).realpath() + sep + "*"); + read_allowed_paths.push_back(SGPath(*it).realpath()); } } diff --git a/src/Scripting/NasalSys.cxx b/src/Scripting/NasalSys.cxx index dcd996540..e5174c315 100644 --- a/src/Scripting/NasalSys.cxx +++ b/src/Scripting/NasalSys.cxx @@ -581,7 +581,7 @@ static naRef f_directory(naContext c, naRef me, int argc, naRef* args) naStr_data(args[0]) << "' denied (unauthorized directory - authorization" " no longer follows symlinks; to authorize reading additional " "directories, add them to --fg-aircraft)"); - naRuntimeError(c, "directory(): access denied (unauthorized directory)"); + // to avoid breaking dialogs, pretend it doesn't exist rather than erroring out return naNil(); } -- 2.39.5