klange / toaruos

A completely-from-scratch hobby operating system: bootloader, kernel, drivers, C library, and userspace including a composited graphical UI, dynamic linker, syntax-highlighting text editor, network stack, etc.
https://toaruos.org/
University of Illinois/NCSA Open Source License

Null pointer due to insufficient permissions in weather-configurator. #241

Open liyansong2018 opened 2 years ago

liyansong2018 commented 2 years ago

Hi

If we run weather-configurator with normal permissions, the program will crash due to a null pointer.

FILE * f = fopen("/etc/weather.json", "w");
fprintf(f, "{\n");

klange commented 2 years ago

As per my comment on your pull request, a reasonable quick fix for the common scenario is to require root:

diff --git a/apps/weather-configurator.c b/apps/weather-configurator.c
index d5169d8f..77653605 100644
--- a/apps/weather-configurator.c
+++ b/apps/weather-configurator.c
@@ -9,6 +9,7 @@
  * Copyright (C) 2018-2021 K. Lange
  */
 #include <stdio.h>
+#include <unistd.h>
 #include <toaru/json.h>
 #include <toaru/hashmap.h>
 #include <toaru/list.h>
@@ -16,6 +17,10 @@
 typedef struct JSON_Value Value;

 int main(int argc, char * argv[]) {
+   if (getuid() != 0) {
+       fprintf(stderr, "%s: this tool should be run as root\n", argv[0]);
+       return 1;
+   }

    Value * config = json_parse_file("/etc/weather.json");
    if (config) {
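
Review bot: The `getuid() != 0` gate at the top of `main` stands in for the condition that actually matters, whether `/etc/weather.json` can be opened for writing, so the unchecked `fopen` result quoted in the report still reaches `fprintf` whenever the open fails for root. Suggest treating this early exit as a friendlier message only and adding a NULL check on the `fopen` return that prints the error and exits non-zero. Because the gate sits above `json_parse_file`, it also blocks non-root users from running the tool at all, which is worth stating in a comment next to the check.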

Root may still encounter errors trying to open the configuration file, though - such as when the filesystem is read-only, so this isn't a complete solution and the error check from fopen is still worthwhile.

However, I would prefer to just implement a GUI config tool for this, as it's meant to be launched from the menu on the panel widget and opening a terminal to enter config settings is somewhat silly.
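
The `fopen` error check discussed in this thread, as an added example (not code from the toaruos tree): `write_config` is a hypothetical helper, and the paths and JSON body used in `main` are constructed for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of toaruos: writes `json` to `path`.
 * Returns 0 on success, -1 on any open, write or close failure. */
int write_config(const char *path, const char *json) {
    FILE *f = fopen(path, "w");
    if (!f) {
        /* Covers EACCES (unprivileged user), EROFS (read-only
         * filesystem), ENOENT (missing directory) and similar. */
        fprintf(stderr, "weather-configurator: %s: %s\n",
                path, strerror(errno));
        return -1;
    }

    int ok = (fputs(json, f) != EOF);

    /* Buffered data is flushed on close, so a full disk may only show
     * up here. Always close, even after a failed write. */
    if (fclose(f) != 0) ok = 0;

    if (!ok) {
        fprintf(stderr, "weather-configurator: %s: write failed\n", path);
        return -1;
    }
    return 0;
}

int main(void) {
    /* Constructed inputs: one path that cannot be opened, one that can. */
    const char *json = "{}\n";
    int bad  = write_config("/nonexistent-dir/weather.json", json);
    int good = write_config("/tmp/weather-example.json", json);
    printf("unwritable path -> %d, writable path -> %d\n", bad, good);
    return (bad == -1 && good == 0) ? 0 : 1;
}
```

The caller decides what to do with `-1`; the point is that a failed open produces a diagnostic and an exit status instead of a NULL `FILE *` being passed to `fprintf`.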