DGNum/rpcd
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

file: strengthen exec access control

Browse source 
Do not allow setting environment variables if there is a session as
there is no access control for environment variables and allowing
arbitrary data into the environment is unsafe. Do not leak arguments
through unchecked if the size of the buffer for access checking the
whole command line is exceeded. Adjust the maximum number of allowed
arguments so it matches the actual implementation.

Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
This commit is contained in:
Erik Karlsson 2023-05-29 19:54:23 +02:00 committed by Hauke Mehrtens
parent d97883005f
commit 31c390727b
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
file.c
View file

@ -809,6 +809,9 @@ rpc_file_exec_run(const char *cmd, const struct blob_attr *sid,
struct rpc_file_exec_context *c; struct rpc_file_exec_context *c;
if (sid && env)
return UBUS_STATUS_PERMISSION_DENIED;
cmd = rpc_file_exec_lookup(cmd); cmd = rpc_file_exec_lookup(cmd);
if (!cmd) if (!cmd)
@ -824,7 +827,7 @@ rpc_file_exec_run(const char *cmd, const struct blob_attr *sid,
if (arg == NULL || strlen(executable) >= sizeof(cmdstr)) if (arg == NULL || strlen(executable) >= sizeof(cmdstr))
return UBUS_STATUS_PERMISSION_DENIED; return UBUS_STATUS_PERMISSION_DENIED;
arglen = 0; arglen = 2;
p = cmdstr + sprintf(cmdstr, "%s", executable); p = cmdstr + sprintf(cmdstr, "%s", executable);
blobmsg_for_each_attr(cur, arg, rem) blobmsg_for_each_attr(cur, arg, rem)
@ -834,7 +837,7 @@ rpc_file_exec_run(const char *cmd, const struct blob_attr *sid,
if (arglen == 255 || if (arglen == 255 ||
p + blobmsg_data_len(cur) >= cmdstr + sizeof(cmdstr)) p + blobmsg_data_len(cur) >= cmdstr + sizeof(cmdstr))
break; return UBUS_STATUS_PERMISSION_DENIED;
p += sprintf(p, " %s", blobmsg_get_string(cur)); p += sprintf(p, " %s", blobmsg_get_string(cur));
arglen++; arglen++;