From 2c609b1d5fe0b003659eaa15f4e33fff545c8b4f Mon Sep 17 00:00:00 2001 From: Glenn Smith Date: Fri, 5 Jan 2018 19:59:44 -0500 Subject: [PATCH] Fix buffer overflows in RegisterCommand on mac (#99) --- src/discord_register_osx.m | 47 ++++++++++++-------------------------- 1 file changed, 15 insertions(+), 32 deletions(-) diff --git a/src/discord_register_osx.m b/src/discord_register_osx.m index ce481a8..d710102 100644 --- a/src/discord_register_osx.m +++ b/src/discord_register_osx.m @@ -5,45 +5,28 @@ #include "discord_register.h" -static bool Mkdir(const char* path) -{ - int result = mkdir(path, 0755); - if (result == 0) { - return true; - } - if (errno == EEXIST) { - return true; - } - return false; -} - static void RegisterCommand(const char* applicationId, const char* command) { // There does not appear to be a way to register arbitrary commands on OSX, so instead we'll save the command // to a file in the Discord config path, and when it is needed, Discord can try to load the file there, open // the command therein (will pass to js's window.open, so requires a url-like thing) - const char* home = getenv("HOME"); + // Note: will not work for sandboxed apps + NSString *home = NSHomeDirectory(); if (!home) { return; } - char path[2048]; - sprintf(path, "%s/Library/Application Support/discord", home); - Mkdir(path); - strcat(path, "/games"); - Mkdir(path); - strcat(path, "/"); - strcat(path, applicationId); - strcat(path, ".json"); + NSString *path = [[[[[[home stringByAppendingPathComponent:@"Library"] + stringByAppendingPathComponent:@"Application Support"] + stringByAppendingPathComponent:@"discord"] + stringByAppendingPathComponent:@"games"] + stringByAppendingPathComponent:[NSString stringWithUTF8String:applicationId]] + stringByAppendingPathExtension:@"json"]; + [[NSFileManager defaultManager] createDirectoryAtPath:[path stringByDeletingLastPathComponent] withIntermediateDirectories:YES attributes:nil error:nil]; - FILE* f = fopen(path, "w"); - if (f) { - char jsonBuffer[2048]; - int len = snprintf(jsonBuffer, sizeof(jsonBuffer), "{\"command\": \"%s\"}", command); - fwrite(jsonBuffer, (size_t)len, 1, f); - fclose(f); - } + NSString *jsonBuffer = [NSString stringWithFormat:@"{\"command\": \"%s\"}", command]; + [jsonBuffer writeToFile:path atomically:NO encoding:NSUTF8StringEncoding error:nil]; } static void RegisterURL(const char* applicationId) @@ -83,15 +66,15 @@ void Discord_Register(const char* applicationId, const char* command) } else { // raii lite - void* pool = [[NSAutoreleasePool alloc] init]; - RegisterURL(applicationId); - [(id)pool drain]; + @autoreleasepool { + RegisterURL(applicationId); + } } } void Discord_RegisterSteamGame(const char* applicationId, const char* steamId) { char command[256]; - sprintf(command, "steam://rungameid/%s", steamId); + snprintf(command, 256, "steam://rungameid/%s", steamId); Discord_Register(applicationId, command); }