browser-system: Use execv() directly instead of os_exec()

This allows the URL to be passed as a single argument to the program
instead of getting split into multiple by os_exec(). This makes the
operation more robust for cases where the URL could have been received
from an external source and could potentially add extra arguments to the
command line.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

src/utils/browser-system.c

@@ -64,22 +64,15 @@ static void http_req(void *ctx, struct http_request *req)
 
 int hs20_web_browser(const char *url)
 {
-	char cmd[2000];
-	int ret;
 	struct http_server *http;
 	struct in_addr addr;
 	struct browser_data data;
+	pid_t pid;
 
-	wpa_printf(MSG_INFO, "Launching Android browser to %s", url);
+	wpa_printf(MSG_INFO, "Launching system browser to %s", url);
 
 	os_memset(&data, 0, sizeof(data));
 
-	ret = os_snprintf(cmd, sizeof(cmd), "x-www-browser '%s' &", url);
-	if (ret < 0 || (size_t) ret >= sizeof(cmd)) {
-		wpa_printf(MSG_ERROR, "Too long URL");
-		return -1;
-	}
-
 	if (eloop_init() < 0) {
 		wpa_printf(MSG_ERROR, "eloop_init failed");
 		return -1;
@@ -92,14 +85,28 @@ int hs20_web_browser(const char *url)
 		return -1;
 	}
 
-	if (os_exec("/usr/bin/x-www-browser", url, 0) != 0) {
-		wpa_printf(MSG_INFO, "Failed to launch browser");
-		eloop_cancel_timeout(browser_timeout, NULL, NULL);
+	pid = fork();
+	if (pid < 0) {
+		perror("fork");
 		http_server_deinit(http);
 		eloop_destroy();
 		return -1;
 	}
 
+	if (pid == 0) {
+		/* run the external command in the child process */
+		char *argv[3];
+
+		argv[0] = "browser-system";
+		argv[1] = (void *) url;
+		argv[2] = NULL;
+
+		execv("/usr/bin/x-www-browser", argv);
+		perror("execv");
+		exit(0);
+		return -1;
+	}
+
 	eloop_register_timeout(120, 0, browser_timeout, &data, NULL);
 	eloop_run();
 	eloop_cancel_timeout(browser_timeout, &data, NULL);