
OS Command Injection in cmd_tuner_scan_channels_save #75

@lnnew

Description

The server code uses system() to create directories using unsanitized paths derived from configuration or environment variables.

// libdvbtee_server/serve.cpp ~line 1195
char cmd_buf[32] = { 0 };
// 'dir' is unsanitized. If dir contains "; rm -rf /", it executes.
// The shell spawned by system() parses metacharacters in 'dir' as commands.
sprintf(cmd_buf, "mkdir -p %s", dir);
if (system(cmd_buf) < 0) { ... }

This allows command injection if the HOME environment variable or channels.conf is modified.

Consider fixing: Avoid system(). Use the native mkdir() syscall instead.

#include <errno.h>
#include <sys/stat.h>
// ...
// No shell is involved: 'dir' is passed to the kernel as a plain path.
// EEXIST is tolerated so an already-present directory is not an error (as with mkdir -p).
if (mkdir(dir, 0755) != 0 && errno != EEXIST) { ... }
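A single mkdir() call does not create missing parent components the way `mkdir -p` does, so a drop-in replacement usually wants a small recursive helper. The following is an added example, not code from libdvbtee or from the issue author: a shell-free `mkdir_p` that creates each path component with the mkdir() syscall, treats an existing directory as success, and reports an error when a component exists but is not a directory. The demo functions, the `/tmp` scratch location and the directory name containing shell metacharacters are constructed for illustration; with the original `system("mkdir -p %s")` pattern such a name would be parsed by the shell, whereas here it is simply a literal directory name.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create every component of 'path' (the effect of `mkdir -p`) without
 * spawning a shell.  Returns 0 on success, -1 on error with errno set.
 * A component that already exists as a directory is not an error. */
int mkdir_p(const char *path, mode_t mode)
{
    char buf[PATH_MAX];
    size_t len = strlen(path);

    if (len == 0) {
        errno = ENOENT;
        return -1;
    }
    if (len >= sizeof buf) {
        errno = ENAMETOOLONG;     /* refuse rather than truncate the path */
        return -1;
    }
    memcpy(buf, path, len + 1);

    /* At each '/', temporarily terminate the copy and create that prefix. */
    for (char *p = buf + 1; *p; p++) {
        if (*p != '/')
            continue;
        *p = '\0';
        if (mkdir(buf, mode) != 0 && errno != EEXIST)
            return -1;
        *p = '/';
    }
    if (mkdir(buf, mode) != 0 && errno != EEXIST)
        return -1;

    /* EEXIST is only acceptable if the existing entry really is a directory. */
    struct stat st;
    if (stat(buf, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode)) {
        errno = ENOTDIR;
        return -1;
    }
    return 0;
}

/* Demo 1: a constructed directory name containing shell metacharacters is
 * created literally.  Returns 1 if the nested directory exists afterwards. */
int demo_metacharacters_are_literal(void)
{
    char tmpl[] = "/tmp/mkdirp_demo_XXXXXX";   /* constructed scratch location */
    char *base = mkdtemp(tmpl);
    if (!base)
        return 0;

    char path[PATH_MAX];
    snprintf(path, sizeof path, "%s/channels; echo injected/sub", base);

    int ok = mkdir_p(path, 0755) == 0;
    struct stat st;
    ok = ok && stat(path, &st) == 0 && S_ISDIR(st.st_mode);

    /* Tidy up the scratch tree (ignore failures; it is best-effort). */
    rmdir(path);
    snprintf(path, sizeof path, "%s/channels; echo injected", base);
    rmdir(path);
    rmdir(base);
    return ok;
}

/* Demo 2: a regular file occupying a path component must be reported as
 * ENOTDIR instead of being silently accepted.  Returns 1 on that outcome. */
int demo_file_in_the_way_is_rejected(void)
{
    char tmpl[] = "/tmp/mkdirp_demo_XXXXXX";   /* constructed scratch location */
    char *base = mkdtemp(tmpl);
    if (!base)
        return 0;

    char file[PATH_MAX], path[PATH_MAX];
    snprintf(file, sizeof file, "%s/plain", base);
    FILE *f = fopen(file, "w");
    if (!f)
        return 0;
    fclose(f);

    snprintf(path, sizeof path, "%s/plain/child", base);
    int rc = mkdir_p(path, 0755);
    int rejected = (rc == -1 && errno == ENOTDIR);

    unlink(file);
    rmdir(base);
    return rejected;
}

int main(void)
{
    printf("metacharacters literal: %d\n", demo_metacharacters_are_literal());
    printf("file in the way rejected: %d\n", demo_file_in_the_way_is_rejected());
    return 0;
}
```

Because the path never passes through a shell, quoting or escaping is unnecessary; the remaining policy question is whether an untrusted `dir` should be allowed at all, which is a separate validation concern (for example restricting it to a known base directory) rather than an injection one.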
