diff options
author | Gerald Carter <jerry@samba.org> | 2007-05-14 14:23:51 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:22:02 -0500 |
commit | d34f6bb969092166c961e328229b1b05a30f6930 (patch) | |
tree | 5cad4256a4dab7d6a7545188f877b7c78cf7c8f0 /source3/lib/smbrun.c | |
parent | 00790cb8afaf768ba650ee40796ccdafc535ae8d (diff) | |
download | samba-d34f6bb969092166c961e328229b1b05a30f6930.tar.gz samba-d34f6bb969092166c961e328229b1b05a30f6930.tar.bz2 samba-d34f6bb969092166c961e328229b1b05a30f6930.zip |
r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches
(This used to be commit f65214be68c1a59d9598bfb9f3b19e71cc3fa07b)
Diffstat (limited to 'source3/lib/smbrun.c')
-rw-r--r-- | source3/lib/smbrun.c | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/source3/lib/smbrun.c b/source3/lib/smbrun.c index 4400aeb443..e81224b5af 100644 --- a/source3/lib/smbrun.c +++ b/source3/lib/smbrun.c @@ -55,7 +55,7 @@ run a command being careful about uid/gid handling and putting the output in outfd (or discard it if outfd is NULL). ****************************************************************************/ -int smbrun(const char *cmd, int *outfd) +static int smbrun_internal(const char *cmd, int *outfd, BOOL sanitize) { pid_t pid; uid_t uid = current_user.ut.uid; @@ -173,13 +173,36 @@ int smbrun(const char *cmd, int *outfd) } #endif - execl("/bin/sh","sh","-c",cmd,NULL); + { + const char *newcmd = sanitize ? escape_shell_string(cmd) : cmd; + if (!newcmd) { + exit(82); + } + execl("/bin/sh","sh","-c",newcmd,NULL); + } /* not reached */ - exit(82); + exit(83); return 1; } +/**************************************************************************** + Use only in known safe shell calls (printing). +****************************************************************************/ + +int smbrun_no_sanitize(const char *cmd, int *outfd) +{ + return smbrun_internal(cmd, outfd, False); +} + +/**************************************************************************** + By default this now sanitizes shell expansion. +****************************************************************************/ + +int smbrun(const char *cmd, int *outfd) +{ + return smbrun_internal(cmd, outfd, True); +} /**************************************************************************** run a command being careful about uid/gid handling and putting the output in @@ -302,7 +325,7 @@ int smbrunsecret(const char *cmd, const char *secret) #endif execl("/bin/sh", "sh", "-c", cmd, NULL); - + /* not reached */ exit(82); return 1; |