From 22444bb2467ceeabe48c12b75ef2f6168a089b8c Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 21 Oct 2014 12:59:47 +0300 Subject: [PATCH] browser-system: Use execv() directly instead of os_exec() This allows the URL to be passed as a single argument to the program instead of getting split into multiple by os_exec(). This makes the operation more robust for cases where the URL could have been received from an external source and could potentially add extra arguments to the command line. Signed-off-by: Jouni Malinen --- src/utils/browser-system.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/src/utils/browser-system.c b/src/utils/browser-system.c index a080e2cb9..97dae4fc2 100644 --- a/src/utils/browser-system.c +++ b/src/utils/browser-system.c @@ -64,22 +64,15 @@ static void http_req(void *ctx, struct http_request *req) int hs20_web_browser(const char *url) { - char cmd[2000]; - int ret; struct http_server *http; struct in_addr addr; struct browser_data data; + pid_t pid; - wpa_printf(MSG_INFO, "Launching Android browser to %s", url); + wpa_printf(MSG_INFO, "Launching system browser to %s", url); os_memset(&data, 0, sizeof(data)); - ret = os_snprintf(cmd, sizeof(cmd), "x-www-browser '%s' &", url); - if (ret < 0 || (size_t) ret >= sizeof(cmd)) { - wpa_printf(MSG_ERROR, "Too long URL"); - return -1; - } - if (eloop_init() < 0) { wpa_printf(MSG_ERROR, "eloop_init failed"); return -1; @@ -92,14 +85,28 @@ int hs20_web_browser(const char *url) return -1; } - if (os_exec("/usr/bin/x-www-browser", url, 0) != 0) { - wpa_printf(MSG_INFO, "Failed to launch browser"); - eloop_cancel_timeout(browser_timeout, NULL, NULL); + pid = fork(); + if (pid < 0) { + perror("fork"); http_server_deinit(http); eloop_destroy(); return -1; } + if (pid == 0) { + /* run the external command in the child process */ + char *argv[3]; + + argv[0] = "browser-system"; + argv[1] = (void *) url; + argv[2] = NULL; + + execv("/usr/bin/x-www-browser", argv); + perror("execv"); + exit(0); + return -1; + } + eloop_register_timeout(120, 0, browser_timeout, &data, NULL); eloop_run(); eloop_cancel_timeout(browser_timeout, &data, NULL);