Module: sip-router
Branch: 4.0
Commit: e97250982c3d9fdc1d7dcba59f7bc0a9256264b9
URL:    
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e97250982c3d9fdc1d7dcba59f7bc0a9256264b9

Author: Seudin Kasumovic <[email protected]>
Committer: Daniel-Constantin Mierla <[email protected]>
Date:   Thu Sep 25 16:56:28 2014 +0200

exec: safety check against bash vulnerability CVE-2014-6271

(cherry picked from commit d5d57c0df931c9d60432def919c837cc76e4ce42)
(cherry picked from commit aebd010ee1ebff8a70877164fb7b508c1ca5503d)

---

 modules/exec/exec_hf.c |   18 ++++++++++++++----
 1 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/modules/exec/exec_hf.c b/modules/exec/exec_hf.c
index 37eaf27..1338cbc 100644
--- a/modules/exec/exec_hf.c
+++ b/modules/exec/exec_hf.c
@@ -256,12 +256,22 @@ static int print_hf_var(struct hf_wrapper *w, int offset)
        memcpy(envvar, w->prefix, w->prefix_len); c=envvar+w->prefix_len;
        memcpy(c, hname, hlen ); c+=hlen;
        *c=EV_ASSIGN;c++;
-       memcpy(c, w->u.hf->body.s+offset, w->u.hf->body.len );
-       c+=w->u.hf->body.len;
+       if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
+               memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 );
+               c+=(w->u.hf->body.len-2);
+       } else {
+               memcpy(c, w->u.hf->body.s+offset, w->u.hf->body.len );
+               c+=w->u.hf->body.len;
+       }
        for (wi=w->next_same; wi; wi=wi->next_same) {
                *c=HF_SEPARATOR;c++;
-               memcpy(c, wi->u.hf->body.s+offset, wi->u.hf->body.len );
-               c+=wi->u.hf->body.len;
+               if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
+                       memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 );
+                       c+=(w->u.hf->body.len-2);
+               } else {
+                       memcpy(c, w->u.hf->body.s+offset, w->u.hf->body.len );
+                       c+=w->u.hf->body.len;
+               }
        }
        *c=0; /* zero termination */
        LM_DBG("%s\n", envvar );
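Review bot: Inside the `for (wi=w->next_same; ...)` loop the added branch tests and copies `w->u.hf->body` instead of `wi->u.hf->body`, so every repeated header is written out as another copy of the first one. The bytes written then no longer match the lengths of the headers being joined; if `envvar` was sized from the per-header lengths (the allocation is outside this hunk), a longer first body could run past the end of the buffer. Separately, `MIN(w->u.hf->body.len,4)` lets the `strncmp` succeed for an empty body or a one-byte `(` body, after which `body.len-2` is below zero (or wraps, depending on the type of `len`) when passed to `memcpy`; require `body.len>=4` before comparing. print_hf_var starts and ends outside the hunk.

```c
if (w->u.hf->body.len>=4 && !strncmp(w->u.hf->body.s,"() {",4)) {
        /* … unchanged: copy of w's body without its first two bytes … */
} else {
        /* … unchanged: plain copy of w's body … */
}
for (wi=w->next_same; wi; wi=wi->next_same) {
        *c=HF_SEPARATOR;c++;
        if (wi->u.hf->body.len>=4 && !strncmp(wi->u.hf->body.s,"() {",4)) {
                memcpy(c, wi->u.hf->body.s+offset+2, wi->u.hf->body.len-2 );
                c+=(wi->u.hf->body.len-2);
        } else {
                memcpy(c, wi->u.hf->body.s+offset, wi->u.hf->body.len );
                c+=wi->u.hf->body.len;
        }
}
```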

