2013-10-10 Ramon Novoa <rnovoa@artica.es>

* src/expand_command.cc,
	  src/expand_command.hh: Patched to avoid command injections.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8883 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

extras/anytermd/ChangeLog

@@ -1,3 +1,8 @@
+2013-10-10  Ramon Novoa  <rnovoa@artica.es>
+
+	* src/expand_command.cc,
+	  src/expand_command.hh: Patched to avoid command injections.
+
 2012-05-04  Sancho Lerena <slerena@artica.es>
 
         * anytermd.suse.spec: Added specific spec for SUSE. Tested on a

extras/anytermd/src/expand_command.cc

@@ -20,6 +20,18 @@
 
 using namespace std;
 
+// Clean the given parameter to avoid command injections.
+
+string safe_param (string param)
+{
+
+	// Remove leading backticks
+	while (!param.empty() && param.at(0) == '`') {
+	    param.erase(0);
+	}
+
+	return param;
+}
 
 // Expand command string:
 // %h -> remote hostname
@@ -38,7 +50,7 @@ string expand_command(string templ, string host, string user, string param)
   case '%': v="%"; break;
   case 'h': v=host; break;
   case 'u': v=user; break;
-  case 'p': v=param; break;
+  case 'p': v=safe_param(param); break;
   default: v="?"; break;
   }
 

extras/anytermd/src/expand_command.hh

@@ -24,4 +24,5 @@
 // %p -> parameter supplied from the Javascript
 // %% -> %
 
+std::string safe_param(std::string param);
 std::string expand_command(std::string templ, std::string host, std::string user, std::string param);