[klibc] [klibc:master] [VAR] Sanitise environment variable names on entry

klibc-bot for Herbert Xu herbert at gondor.hengli.com.au
Mon Jul 2 02:12:07 PDT 2012


Commit-ID:  61d300672e0c1877482deed0f745b52ef306c7d3
Gitweb:     http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=61d300672e0c1877482deed0f745b52ef306c7d3
Author:     Herbert Xu <herbert at gondor.apana.org.au>
AuthorDate: Sat, 25 Feb 2012 15:35:18 +0800
Committer:  maximilian attems <max at stro.at>
CommitDate: Mon, 2 Jul 2012 10:47:34 +0200

[klibc] [VAR] Sanitise environment variable names on entry

On Tue, Feb 14, 2012 at 10:48:48AM +0000, harald at redhat.com wrote:
>
> "export -p" prints all environment variables, without checking if the
> environment variable is a valid dash variable name.
>
> IMHO, the only valid usecase for "export -p" is to eval the output.
>
> $ eval $(export -p); echo OK
> OK
>
> Without this patch the following test does error out with:
>
> test.py:
> import os
> os.environ["test-test"]="test"
> os.environ["test_test"]="test"
> os.execv("./dash", [ './dash', '-c', 'eval $(export -p); echo OK' ])
>
> $ python test.py
> ./dash: 1: export: test-test: bad variable name
>
> Of course the results can be more evil, if the environment variable
> name is crafted, that it injects valid shell code.

This patch fixes the issue by sanitising all environment variable names
upon entry into the shell.

Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: maximilian attems <max at stro.at>

---
 usr/dash/var.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/usr/dash/var.c b/usr/dash/var.c
index 027beff..dc90249 100644
--- a/usr/dash/var.c
+++ b/usr/dash/var.c
@@ -136,7 +136,8 @@ INIT {
 
 	initvar();
 	for (envp = environ ; *envp ; envp++) {
-		if (strchr(*envp, '=')) {
+		p = endofname(*envp);
+		if (p != *envp && *p == '=') {
 			setvareq(*envp, VEXPORT|VTEXTFIXED);
 		}
 	}
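Review bot: The new test `if (p != *envp && *p == '=')` silently skips every environment entry whose name is empty or not a valid shell name, and nothing in the code says why. A short comment above `p = endofname(*envp);` would help, stating that such names are dropped at import so that `export -p` output stays safe to `eval`. The commit message should also state the behaviour change: an entry like `test-test=test`, which the old `strchr(*envp, '=')` check imported with `VEXPORT`, is no longer imported at all. Please confirm that is intended for programs started from the shell that expect such variables. The declaration of `p` is outside the visible context, so check that it exists in `INIT` with a type matching what `endofname()` returns.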

