From 0f3cb2d39793cdd2ba1bb1d4be671223b9eed80f Mon Sep 17 00:00:00 2001
From: Ramon Novoa
Date: Thu, 10 Oct 2013 10:09:07 +0000
Subject: [PATCH] 2013-10-10 Ramon Novoa
* src/expand_command.cc, src/expand_command.hh: Patched to avoid command injections.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8883 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 extras/anytermd/ChangeLog | 5 +++++
 extras/anytermd/src/expand_command.cc | 14 +++++++++++++-
 extras/anytermd/src/expand_command.hh | 1 +
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/extras/anytermd/ChangeLog b/extras/anytermd/ChangeLog
index 8004836a68..76e7efe047 100644
--- a/extras/anytermd/ChangeLog
+++ b/extras/anytermd/ChangeLog
@@ -1,3 +1,8 @@
+2013-10-10 Ramon Novoa
+
+ * src/expand_command.cc,
+ src/expand_command.hh: Patched to avoid command injections.
+
 2012-05-04 Sancho Lerena
 * anytermd.suse.spec: Added specific spec for SUSE. Tested on a
diff --git a/extras/anytermd/src/expand_command.cc b/extras/anytermd/src/expand_command.cc
index 404bda3f8e..afc547e21b 100644
--- a/extras/anytermd/src/expand_command.cc
+++ b/extras/anytermd/src/expand_command.cc
@@ -20,6 +20,18 @@ using namespace std;
+// Clean the given parameter to avoid command injections.
+
+string safe_param (string param)
+{
+
+ // Remove leading backticks
+ while (!param.empty() && param.at(0) == '`') {
+ param.erase(0);
+ }
+
+ return param;
+}
 // Expand command string:
 // %h -> remote hostname
@@ -38,7 +50,7 @@ string expand_command(string templ, string host, string user, string param)
 case '%': v="%"; break;
 case 'h': v=host; break;
 case 'u': v=user; break;
- case 'p': v=param; break;
+ case 'p': v=safe_param(param); break;
 default: v="?"; break;
 }
diff --git a/extras/anytermd/src/expand_command.hh b/extras/anytermd/src/expand_command.hh
index d8ae97bd4f..ec33871219 100644
--- a/extras/anytermd/src/expand_command.hh
+++ b/extras/anytermd/src/expand_command.hh
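Review bot: `safe_param` in the first expand_command.cc hunk does not stop command injection: it removes only backticks at the start of `param`, so a backtick later in the string and every other shell metacharacter (`;`, `|`, `$(...)`, quotes) still flow through the second hunk's `case 'p': v=safe_param(param); break;` into the command that `expand_command` assembles. The loop is also wrong on its own terms, because `param.erase(0)` takes the default count `npos` and deletes the entire string, so a leading backtick blanks the parameter rather than dropping one character (`param.erase(0, 1)` was presumably intended). A character denylist cannot be completed safely; either reject any value containing characters outside a strict allowlist, or quote the parameter as a single shell word as sketched below, which assumes the template uses `%p` as a bare word and does not already wrap it in quotes — the templates are not visible here. Whichever is chosen, replace the header comment with one that states the guarantee, e.g. `// Quote param as one shell word so the shell never interprets any character in it.` `expand_command` itself starts and ends outside the second hunk.
```cpp
// Quote param as one shell word so the shell never interprets any
// character in it; an embedded single quote becomes '\''.
string safe_param (string param)
{
  string quoted = "'";
  for (string::size_type i = 0; i < param.size(); ++i) {
    if (param[i] == '\'') {
      quoted += "'\\''";
    } else {
      quoted += param[i];
    }
  }
  quoted += "'";
  return quoted;
}
```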
@@ -24,4 +24,5 @@ // %p -> parameter supplied from the Javascript
 // %% -> %
+std::string safe_param(std::string param);
 std::string expand_command(std::string templ, std::string host, std::string user, std::string param);
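Review bot: The `safe_param` declaration in the expand_command.hh hunk sits under a comment block that documents only `expand_command`'s placeholders, so a reader of the header cannot tell what the function returns or when it is meant to be called. Add a comment above the declaration such as `// Returns the form of param that expand_command substitutes for %p.` so the contract is visible where the function is declared.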