[PATCH] file: strengthen exec access control

2023-05-29 Thread erik . r . karlsson 
From: Erik Karlsson 

Do not allow setting environment variables if there is a session as
there is no access control for environment variables and allowing
arbitrary data into the environment is unsafe. Do not leak arguments
through unchecked if the size of the buffer for access checking the
whole command line is exceeded. Adjust the maximum number of allowed
arguments so it matches the actual implementation.

Signed-off-by: Erik Karlsson 
---
 file.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/file.c b/file.c
index 07b4d3c..1e5b2f4 100644
--- a/file.c
+++ b/file.c
@@ -809,6 +809,9 @@ rpc_file_exec_run(const char *cmd, const struct blob_attr 
*sid,
 
struct rpc_file_exec_context *c;
 
+   if (sid && env)
+   return UBUS_STATUS_PERMISSION_DENIED;
+
cmd = rpc_file_exec_lookup(cmd);
 
if (!cmd)
@@ -824,7 +827,7 @@ rpc_file_exec_run(const char *cmd, const struct blob_attr 
*sid,
if (arg == NULL || strlen(executable) >= sizeof(cmdstr))
return UBUS_STATUS_PERMISSION_DENIED;
 
-   arglen = 0;
+   arglen = 2;
p = cmdstr + sprintf(cmdstr, "%s", executable);
 
blobmsg_for_each_attr(cur, arg, rem)
@@ -834,7 +837,7 @@ rpc_file_exec_run(const char *cmd, const struct blob_attr 
*sid,
 
if (arglen == 255 ||
p + blobmsg_data_len(cur) >= cmdstr + 
sizeof(cmdstr))
-   break;
+   return UBUS_STATUS_PERMISSION_DENIED;
 
p += sprintf(p, " %s", blobmsg_get_string(cur));
arglen++;
-- 
2.25.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[PATCH] firmware-utils: package xiaomifw

2023-05-29 Thread Rafał Miłecki 
From: Rafał Miłecki 

It's needed to revert back to Xiaomi original firmware.

Signed-off-by: Rafał Miłecki 
---
 package/utils/firmware-utils/Makefile | 8 
 1 file changed, 8 insertions(+)

diff --git a/package/utils/firmware-utils/Makefile 
b/package/utils/firmware-utils/Makefile
index f49cca01bb..644aa69274 100644
--- a/package/utils/firmware-utils/Makefile
+++ b/package/utils/firmware-utils/Makefile
@@ -35,5 +35,13 @@ define Package/otrx/install
$(INSTALL_BIN) $(PKG_BUILD_DIR)/otrx $(1)/usr/bin/
 endef
 
+Package/xiaomifw = $(call Package/default,xiaomifw,@TARGET_ramips)
+
+define Package/xiaomifw/install
+   $(INSTALL_DIR) $(1)/usr/bin
+   $(INSTALL_BIN) $(PKG_BUILD_DIR)/xiaomifw $(1)/usr/bin/
+endef
+
 $(eval $(call BuildPackage,oseama))
 $(eval $(call BuildPackage,otrx))
+$(eval $(call BuildPackage,xiaomifw))
-- 
2.35.3


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel