Retaint arguments before exec'ing.

git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@355 e3e1d417-86f3-4887-817a-d78f3d33393f
pull/27/merge
stan 2003-01-17 10:33:17 +00:00
parent 7205f95042
commit 259f6a5eb4
1 changed files with 16 additions and 3 deletions


@ -84,7 +84,7 @@ if ( $needs_daemon )
foreach my $arg ( @ARGV ) foreach my $arg ( @ARGV )
{ {
# Detaint arguments, if they look ok # Detaint arguments, if they look ok
if ( $arg =~ /^(-{0,2}[\w\d]+)/ ) if ( $arg =~ /^(-{0,2}[\w]+)/ )
{ {
push( @args, $1 ); push( @args, $1 );
} }
@ -94,7 +94,6 @@ foreach my $arg ( @ARGV )
} }
} }
socket( CLIENT, PF_UNIX, SOCK_STREAM, 0 ) or die( "Can't open socket: $!" ); socket( CLIENT, PF_UNIX, SOCK_STREAM, 0 ) or die( "Can't open socket: $!" );
my $saddr = sockaddr_un( DC_SOCK_FILE ); my $saddr = sockaddr_un( DC_SOCK_FILE );
@ -212,7 +211,21 @@ if ( !connect( CLIENT, $saddr ) )
die( "Invalid daemon '$daemon' specified" ); die( "Invalid daemon '$daemon' specified" );
} }
exec( $daemon, @args ) or die( "Can't exec: $!" ); my @good_args;
foreach my $arg ( @args )
{
# Detaint arguments, if they look ok
if ( $arg =~ /^(-{0,2}[\w]+)/ )
{
push( @good_args, $1 );
}
else
{
die( "Bogus argument '$arg' found" );
}
}
exec( $daemon, @good_args ) or die( "Can't exec: $!" );
} }
else else
{ {
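Review bot: The detaint pattern on the new side, `/^(-{0,2}[\w]+)/`, has no end anchor, so it accepts any argument that merely starts with an acceptable prefix and hands only that prefix to `exec`; an argument such as `--opt=value` or `name;rest` is silently truncated instead of reaching the `Bogus argument` branch. Anchoring both ends turns the check into a whole-argument allowlist: `if ( $arg =~ /\A(-{0,2}\w+)\z/ )`. The same pattern sits in the earlier `@ARGV` loop in the first hunk and should change with it, ideally through one shared helper so the two copies cannot drift. Whether the daemons legitimately take arguments with other characters (paths, `=`) is not visible here, so the allowed class may need to be widened deliberately rather than by truncation. The enclosing `if`/`else` block starts and ends outside the hunk.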