[klibc] [PATCH] Escape DHCP options written to /tmp/net-$DEVCICE.conf
Ulrich Dangel
uli at spamt.net
Thu Apr 21 09:03:01 PDT 2011
DHCP options like domain-name or hostname are written to
/tmp/net-$DEVICE.conf which is typically later used by other scripts to
determine the network configuration. This is done by sourcing the
/tmp/net-$DEVICE.conf file to get all defined variables.
This patch escapes the DHCP options written to /tmp/net-$DEVICE.conf
to prevent arbitrary code execution.
Signed-off-by: Ulrich Dangel <uli at spamt.net>
---
usr/kinit/ipconfig/main.c | 56 ++++++++++++++++++++++++++++++++-------------
1 files changed, 40 insertions(+), 16 deletions(-)
diff --git a/usr/kinit/ipconfig/main.c b/usr/kinit/ipconfig/main.c
index 76708a9..ec78dad 100644
--- a/usr/kinit/ipconfig/main.c
+++ b/usr/kinit/ipconfig/main.c
@@ -95,6 +95,26 @@ static void configure_device(struct netdev *dev)
dev->hostname, dev->name);
}
+static void write_option(FILE* f, const char* name, const char* value)
+{
+ int i=0;
+
+ fprintf(f, "%s='", name);
+ while (value[i]) {
+ switch (value[i]) {
+ case '!':
+ case '\'':
+ fprintf(f, "'\\%c'", value[i]);
+ break;
+ default:
+ fprintf(f, "%c", value[i]);
+ break;
+ }
+ ++i;
+ }
+ fprintf(f, "'\n");
+}
+
static void dump_device_config(struct netdev *dev)
{
char fn[40];
@@ -103,22 +123,26 @@ static void dump_device_config(struct netdev *dev)
snprintf(fn, sizeof(fn), "/tmp/net-%s.conf", dev->name);
f = fopen(fn, "w");
if (f) {
- fprintf(f, "DEVICE=%s\n", dev->name);
- fprintf(f, "IPV4ADDR=%s\n", my_inet_ntoa(dev->ip_addr));
- fprintf(f, "IPV4BROADCAST=%s\n",
- my_inet_ntoa(dev->ip_broadcast));
- fprintf(f, "IPV4NETMASK=%s\n", my_inet_ntoa(dev->ip_netmask));
- fprintf(f, "IPV4GATEWAY=%s\n", my_inet_ntoa(dev->ip_gateway));
- fprintf(f, "IPV4DNS0=%s\n",
- my_inet_ntoa(dev->ip_nameserver[0]));
- fprintf(f, "IPV4DNS1=%s\n",
- my_inet_ntoa(dev->ip_nameserver[1]));
- fprintf(f, "HOSTNAME=%s\n", dev->hostname);
- fprintf(f, "DNSDOMAIN=\"%s\"\n", dev->dnsdomainname);
- fprintf(f, "NISDOMAIN=%s\n", dev->nisdomainname);
- fprintf(f, "ROOTSERVER=%s\n", my_inet_ntoa(dev->ip_server));
- fprintf(f, "ROOTPATH=%s\n", dev->bootpath);
- fprintf(f, "filename=\"%s\"\n", dev->filename);
+ write_option(f, "DEVICE", dev->name);
+ write_option(f, "IPV4ADDR",
+ my_inet_ntoa(dev->ip_addr));
+ write_option(f, "IPV4BROADCAST",
+ my_inet_ntoa(dev->ip_broadcast));
+ write_option(f, "IPV4NETMASK",
+ my_inet_ntoa(dev->ip_netmask));
+ write_option(f, "IPV4GATEWAY",
+ my_inet_ntoa(dev->ip_gateway));
+ write_option(f, "IPV4DNS0",
+ my_inet_ntoa(dev->ip_nameserver[0]));
+ write_option(f, "IPV4DNS1",
+ my_inet_ntoa(dev->ip_nameserver[1]));
+ write_option(f, "HOSTNAME", dev->hostname);
+ write_option(f, "DNSDOMAIN", dev->dnsdomainname);
+ write_option(f, "NISDOMAIN", dev->nisdomainname);
+ write_option(f, "ROOTSERVER",
+ my_inet_ntoa(dev->ip_server));
+ write_option(f, "ROOTPATH", dev->bootpath);
+ write_option(f, "filename", dev->filename);
fclose(f);
}
}
--
1.7.1
More information about the klibc
mailing list