From 78a28a679bdac873dd0084377240d607e817fd7c Mon Sep 17 00:00:00 2001 From: Robbert van der Helm Date: Sat, 13 Feb 2021 17:53:04 +0100 Subject: [PATCH] Prevent nuking socket base dir if not temporary If `yabridge-host.exe` were somehow to be run with a socket base directory that's not inside of `$XDG_RUNTIME_DIR`/`/tmp`, then we'll now warn instead of removing that directory. This should not be necessary, but in case someone wants to write a wrapper around `yabridge-host.exe.so` us using a custom `$WINELOADER` then this could save a lot of headaches. --- CHANGELOG.md | 4 ++++ src/common/communication/common.h | 24 ++++++++++++++++++------ 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 24e50e10..e79ea4e0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -98,6 +98,10 @@ TODO: Add an updated screenshot with some fancy VST3-only plugins to the readme and up. The build process now detect which version of Wine is used to build with, and it then applies the change conditionally to be able to support building with both older and newer versions of Wine. +- `yabridge-host.exe` will no longer remove the socket directories if they're + outside of a temporary directory. This could otherwise cause a very unpleasant + surprise if someone was passing random arguments to it when for instancing + trying to write a wrapper around `yabridge-host.exe`. ### Fixed diff --git a/src/common/communication/common.h b/src/common/communication/common.h index a855f9c1..aacb8adf 100644 --- a/src/common/communication/common.h +++ b/src/common/communication/common.h @@ -16,6 +16,7 @@ #pragma once +#include #include #include @@ -32,6 +33,7 @@ #include #include "../logging/common.h" +#include "../utils.h" template using OutputAdapter = bitsery::OutputBufferAdapter; 
@@ -217,12 +219,22 @@ class Sockets {
 */
 virtual ~Sockets() {
 try {
- // TODO: Check whether `base_dir` is actually in `/tmp` or
- // `$XDG_RUNTIME_DIR`, don't do anything if it's not. Someone
- // has deleted their entire home directory while messing with
- // `yabridge-host.exe`'s arguments, and that sounds like
- // something that would be easy to prevent.
- boost::filesystem::remove_all(base_dir);
+ // NOTE: Because someone has wiped their home directory in the past
+ // by manually modifying the socket base directory argument
+ // for `yabridge-host.exe` to point to their home directory
+ // there's now a safeguard against that very thing. Hopefully
+ // this should never be needed, but if it is, then I'm glad
+ // we'll have it!
+ const boost::filesystem::path temp_dir = get_temporary_directory();
+ if (base_dir.string().starts_with(temp_dir.string())) {
+ boost::filesystem::remove_all(base_dir);
+ } else {
+ std::cerr << std::endl;
+ std::cerr << "WARNING: Unexpected socket base directory found, "
+ "not removing '"
+ << base_dir.string() << "'" << std::endl;
+ std::cerr << std::endl;
+ }
 } catch (const boost::filesystem::filesystem_error&) {
 // There should not be any filesystem errors since only one side
 // removes the files, but if we somehow can't delete the file
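Review bot: The `starts_with` test in the new `if` compares raw, unnormalised strings, so it does not confine `remove_all` to the temporary directory. A `base_dir` containing `..` components after the temp prefix still passes, as does a sibling whose name merely begins with the temp directory's name. A `base_dir` equal to the temp directory itself also passes, and would wipe all of `/tmp` or `$XDG_RUNTIME_DIR`. I would resolve both paths first and compare them component by component, requiring `base_dir` to be strictly below the temp directory, as sketched below (this needs `<algorithm>`; `canonical` throws `filesystem_error` for a missing path, which the existing `catch` already handles). `get_temporary_directory()` is defined outside this diff, so if it can throw anything other than `filesystem_error`, this destructor would terminate the process; the destructor body also continues past the end of the hunk.

```cpp
const boost::filesystem::path temp_dir =
    boost::filesystem::canonical(get_temporary_directory());
const boost::filesystem::path resolved_dir =
    boost::filesystem::canonical(base_dir);
// Compare whole path components, and require at least one component below
// the temporary directory so the temporary directory itself is never removed
const auto [temp_it, dir_it] =
    std::mismatch(temp_dir.begin(), temp_dir.end(), resolved_dir.begin(),
                  resolved_dir.end());
if (temp_it == temp_dir.end() && dir_it != resolved_dir.end()) {
    boost::filesystem::remove_all(resolved_dir);
} else {
    // … unchanged: warning printed to std::cerr …
}
```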