| 1 |
From e40f18454d0fbae93812fa25c78fabec58270a67 Mon Sep 17 00:00:00 2001 |
| 2 |
From: William Cohen <wcohen@redhat.com> |
| 3 |
Date: Tue, 10 May 2011 16:42:31 -0400 |
| 4 |
Subject: [PATCH 4/4] Do additional checks on user supplied arguments |
| 5 |
|
| 6 |
Avoid blindly setting variable to user-supplied values. Check to the values |
| 7 |
to make sure they do not contain odd punctuation to address CVE-2011-1760. |
| 8 |
|
| 9 |
The patch was ported by Luciano Bello |
| 10 |
--- |
| 11 |
utils/opcontrol | 36 ++++++++++++++++++++++-------------- |
| 12 |
1 files changed, 22 insertions(+), 14 deletions(-) |
| 13 |
|
| 14 |
--- a/utils/opcontrol |
| 15 |
+++ b/utils/opcontrol |
| 16 |
@@ -60,6 +60,43 @@ |
| 17 |
fi |
| 18 |
} |
| 19 |
|
| 20 |
+# guess_number_base() checks if string is a valid octal(8), hexidecimal(16), |
| 21 |
+# or decimal number(10). The value is returned in $?. Returns 0, if string |
| 22 |
+# isn't a octal, hexidecimal, or decimal number. |
| 23 |
+guess_number_base() |
| 24 |
+{ |
| 25 |
+ if [[ "$1" =~ ^0[0-7]*$ ]] ; then |
| 26 |
+ return 8; |
| 27 |
+ elif [[ "$1" =~ ^0x[0-9a-fA-F]+$ ]] ; then |
| 28 |
+ return 16; |
| 29 |
+ elif [[ "$1" =~ ^[1-9][0-9]*$ ]] ; then |
| 30 |
+ return 10; |
| 31 |
+ else |
| 32 |
+ return 0; |
| 33 |
+ fi |
| 34 |
+} |
| 35 |
+ |
| 36 |
+# check value is a valid number |
| 37 |
+error_if_not_number() |
| 38 |
+{ |
| 39 |
+ error_if_empty $1 $2 |
| 40 |
+ guess_number_base $2 |
| 41 |
+ if test "$?" -eq 0 ; then |
| 42 |
+ echo "Argument for $1, $2, is not a valid number." >&2 |
| 43 |
+ exit 1 |
| 44 |
+ fi |
| 45 |
+} |
| 46 |
+ |
| 47 |
+error_if_invalid_arg() |
| 48 |
+{ |
| 49 |
+ error_if_empty $1 $2 |
| 50 |
+ clean_val="`echo "$2" | tr -cd '[:alnum:]_:/,\-.'`" |
| 51 |
+ if [ "x$2" != "x$clean_val" ]; then |
| 52 |
+ echo "Argument for $1, $2, is not valid argument." >&2 |
| 53 |
+ exit 1 |
| 54 |
+ fi |
| 55 |
+} |
| 56 |
+ |
| 57 |
# rm_device arguments $1=file_name |
| 58 |
rm_device() |
| 59 |
{ |
| 60 |
@@ -436,7 +473,7 @@ |
| 61 |
# load the actual information from file |
| 62 |
while IFS== read -r arg val; do |
| 63 |
clean_arg="`echo "${arg}" | tr -cd '[:alnum:]_'`" |
| 64 |
- clean_val="`echo "${val}" | tr -cd '[:alnum:]_:/.-'`" |
| 65 |
+ clean_val="`echo "${val}" | tr -cd '[:alnum:]_:/,\-.'`" |
| 66 |
if [ "x$arg" != "x$clean_arg" ]; then |
| 67 |
echo "Invalid variable \"$arg\" in $SETUP_FILE." |
| 68 |
exit 1 |
| 69 |
@@ -748,7 +785,7 @@ |
| 70 |
;; |
| 71 |
|
| 72 |
--save) |
| 73 |
- error_if_empty $arg $val |
| 74 |
+ error_if_invalid_arg $arg $val |
| 75 |
DUMP=yes |
| 76 |
SAVE_SESSION=yes |
| 77 |
SAVE_NAME=$val |
| 78 |
@@ -773,7 +810,7 @@ |
| 79 |
# already processed |
| 80 |
;; |
| 81 |
--buffer-size) |
| 82 |
- error_if_empty $arg $val |
| 83 |
+ error_if_not_number $arg $val |
| 84 |
BUF_SIZE=$val |
| 85 |
DO_SETUP=yes |
| 86 |
;; |
| 87 |
@@ -782,7 +819,7 @@ |
| 88 |
echo "$arg unsupported for this kernel version" |
| 89 |
exit 1 |
| 90 |
fi |
| 91 |
- error_if_empty $arg $val |
| 92 |
+ error_if_not_number $arg $val |
| 93 |
BUF_WATERSHED=$val |
| 94 |
DO_SETUP=yes |
| 95 |
;; |
| 96 |
@@ -791,12 +828,12 @@ |
| 97 |
echo "$arg unsupported for this kernel version" |
| 98 |
exit 1 |
| 99 |
fi |
| 100 |
- error_if_empty $arg $val |
| 101 |
+ error_if_not_number $arg $val |
| 102 |
CPU_BUF_SIZE=$val |
| 103 |
DO_SETUP=yes |
| 104 |
;; |
| 105 |
-e|--event) |
| 106 |
- error_if_empty $arg $val |
| 107 |
+ error_if_invalid_arg $arg $val |
| 108 |
# reset any read-in defaults from daemonrc |
| 109 |
if test "$SEEN_EVENT" = "0"; then |
| 110 |
NR_CHOSEN=0 |
| 111 |
@@ -817,7 +854,6 @@ |
| 112 |
DO_SETUP=yes |
| 113 |
;; |
| 114 |
-c|--callgraph) |
| 115 |
- error_if_empty $arg $val |
| 116 |
if test ! -f $MOUNT/backtrace_depth; then |
| 117 |
echo "Call-graph profiling unsupported on this kernel/hardware" >&2 |
| 118 |
exit 1 |
| 119 |
@@ -826,7 +862,7 @@ |
| 120 |
DO_SETUP=yes |
| 121 |
;; |
| 122 |
--vmlinux) |
| 123 |
- error_if_empty $arg $val |
| 124 |
+ error_if_invalid_arg $arg $val |
| 125 |
VMLINUX=$val |
| 126 |
DO_SETUP=yes |
| 127 |
;; |
| 128 |
@@ -835,32 +871,32 @@ |
| 129 |
DO_SETUP=yes |
| 130 |
;; |
| 131 |
--kernel-range) |
| 132 |
- error_if_empty $arg $val |
| 133 |
+ error_if_invalid_arg $arg $val |
| 134 |
KERNEL_RANGE=$val |
| 135 |
DO_SETUP=yes |
| 136 |
;; |
| 137 |
--xen) |
| 138 |
- error_if_empty $arg $val |
| 139 |
+ error_if_invalid_arg $arg $val |
| 140 |
XENIMAGE=$val |
| 141 |
DO_SETUP=yes |
| 142 |
;; |
| 143 |
--active-domains) |
| 144 |
- error_if_empty $arg $val |
| 145 |
+ error_if_invalid_arg $arg $val |
| 146 |
ACTIVE_DOMAINS=$val |
| 147 |
DO_SETUP=yes |
| 148 |
;; |
| 149 |
--note-table-size) |
| 150 |
- error_if_empty $arg $val |
| 151 |
if test "$KERNEL_SUPPORT" = "yes"; then |
| 152 |
echo "\"$arg\" meaningless on this kernel" >&2 |
| 153 |
exit 1 |
| 154 |
else |
| 155 |
+ error_if_not_number $arg $val |
| 156 |
NOTE_SIZE=$val |
| 157 |
fi |
| 158 |
DO_SETUP=yes |
| 159 |
;; |
| 160 |
-i|--image) |
| 161 |
- error_if_empty $arg $val |
| 162 |
+ error_if_invalid_arg $arg $val |
| 163 |
if test "$val" = "all"; then |
| 164 |
IMAGE_FILTER= |
| 165 |
else |
| 166 |
@@ -873,6 +909,7 @@ |
| 167 |
if test -z "$val"; then |
| 168 |
VERBOSE="all" |
| 169 |
else |
| 170 |
+ error_if_invalid_arg $arg $val |
| 171 |
VERBOSE=$val |
| 172 |
fi |
| 173 |
;; |
| 174 |
@@ -1809,7 +1846,7 @@ |
| 175 |
exit 0 |
| 176 |
;; |
| 177 |
--session-dir) |
| 178 |
- error_if_empty $arg $val |
| 179 |
+ error_if_invalid_arg $arg $val |
| 180 |
SESSION_DIR="$val" |
| 181 |
DO_SETUP=yes |
| 182 |
# do not exit early |
Parent Directory
| 
Revision Log