From 3b9eda53cc20e851c4456618f027bc9ea794ad30 Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Thu, 18 Jun 2020 12:36:04 +0200
Subject: [PATCH] CVE-2019-13033 - Discovered by Sander Bos

---
 include/data_upload | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/include/data_upload b/include/data_upload
index 6718d6d3..eae2b5cc 100644
--- a/include/data_upload
+++ b/include/data_upload
@@ -77,6 +77,10 @@
         ExitFatal
     else
         Output "License key = ${LICENSE_KEY}"
+        # Create a temporary file to use during upload (prevent license key being displayed in process table)
+        CreateTempFile || ExitFatal
+        LICENSE_KEY_FILE="${TEMP_FILE}"
+        echo "${LICENSE_KEY}" | ${TRBINARY} -cd '[a-f0-9-]' > ${LICENSE_KEY_FILE}
     fi
 
 
@@ -129,8 +133,9 @@
 
         # License check
 
-        LogText "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "collector_version=${PROGRAM_VERSION}" ${LICENSE_SERVER_URL} 2> /dev/null"
-        UPLOAD=$(${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "collector_version=${PROGRAM_VERSION}" ${LICENSE_SERVER_URL} 2> /dev/null)
+        LogText "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "licensekey@${LICENSE_KEY_FILE}" --data-urlencode "collector_version=${PROGRAM_VERSION}" ${LICENSE_SERVER_URL} 2> /dev/null"
+        UPLOAD=$(${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "licensekey@${LICENSE_KEY_FILE}" --data-urlencode "collector_version=${PROGRAM_VERSION}" ${LICENSE_SERVER_URL} 2> /dev/null)
+
         EXITCODE=$?
         LogText "Exit code: ${EXITCODE}"
         if [ ${EXITCODE} -gt 0 ]; then
@@ -225,10 +230,10 @@
             Output "${WHITE}Found hostid: ${HOSTID}${NORMAL}"
             # Try to connect
             Output "Uploading data.."
-            LogText "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey=${LICENSE_KEY}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}"
-            LogText "Tip: try running ${CURLBINARY}${CURL_OPTIONS} --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey=${LICENSE_KEY}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}"
+            LogText "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey@${LICENSE_KEY_FILE}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}"
+            LogText "Tip: try running ${CURLBINARY}${CURL_OPTIONS} --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey@${LICENSE_KEY_FILE}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}"
             LogText "Tip: to just retry an upload, use: lynis upload-only"
-            UPLOAD=$(${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "hostid=${HOSTID}" --data-urlencode "hostid2=${HOSTID2}" ${UPLOAD_URL} 2> /dev/null)
+            UPLOAD=$(${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey@${LICENSE_KEY_FILE}" --data-urlencode "hostid=${HOSTID}" --data-urlencode "hostid2=${HOSTID2}" ${UPLOAD_URL} 2> /dev/null)
             EXITCODE=$?
             LogText "Exit code: ${EXITCODE}"
             if [ ${EXITCODE} -gt 0 ]; then