From: Glandos <bugs-github@antipoul.fr>
Date: Wed, 15 Feb 2023 22:37:13 +0000 (+0100)
Subject: Use proc_open to avoid spawning a shell
X-Git-Tag: v27.0.0beta1~385^2~2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=528e66859bdf912b422efaa5e0ba833eef939735;p=nextcloud-server.git

Use proc_open to avoid spawning a shell

The use of `exec` will spawn a shell, using `/bin/sh` on POSIX platforms. But in restricted environment, such as AppArmor, this means giving execution to `/bin/sh`, which renders the execution restriction quite useless.
Using an array with `proc_open` reduces this, and paved the way for file streaming instead of temporary file.

Signed-off-by: Glandos <bugs-github@antipoul.fr>
---

diff --git a/lib/private/Preview/Movie.php b/lib/private/Preview/Movie.php
index 486c301d987..5b188be68b7 100644
--- a/lib/private/Preview/Movie.php
+++ b/lib/private/Preview/Movie.php
@@ -125,23 +125,30 @@ class Movie extends ProviderV2 {
 		$binaryType = substr(strrchr($this->binary, '/'), 1);
 
 		if ($binaryType === 'avconv') {
-			$cmd = $this->binary . ' -y -ss ' . escapeshellarg((string)$second) .
-				' -i ' . escapeshellarg($absPath) .
-				' -an -f mjpeg -vframes 1 -vsync 1 ' . escapeshellarg($tmpPath) .
-				' 2>&1';
+            $cmd = [$this->binary, '-y', '-ss', (string)$second,
+                    '-i', $absPath,
+                    '-an', '-f', 'mjpeg', '-vframes', '1', '-vsync', '1',
+                    $tmpPath];
 		} elseif ($binaryType === 'ffmpeg') {
-			$cmd = $this->binary . ' -y -ss ' . escapeshellarg((string)$second) .
-				' -i ' . escapeshellarg($absPath) .
-				' -f mjpeg -vframes 1' .
-				' ' . escapeshellarg($tmpPath) .
-				' 2>&1';
+            $cmd = [$this->binary, '-y', '-ss', (string)$second,
+                    '-i', $absPath,
+                    '-f', 'mjpeg', '-vframes', '1',
+                    $tmpPath];
 		} else {
 			// Not supported
 			unlink($tmpPath);
 			return null;
 		}
 
-		exec($cmd, $output, $returnCode);
+		$proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
+		$returnCode = -1;
+		$output = "";
+		if (is_resource($proc)) {
+				$stdout = trim(stream_get_contents($pipes[1]));
+				$stderr = trim(stream_get_contents($pipes[2]));
+				$returnCode = proc_close($proc);
+				$output = $stdout . $stderr;
+		}
 
 		if ($returnCode === 0) {
 			$image = new \OCP\Image();