!83 [sync] PR-81: fix command injection in ioprobe

From: @openeuler-sync-bot 
Reviewed-by: @MrRlu 
Signed-off-by: @MrRlu
openeuler-ci-bot 2024-03-08 13:19:00 +00:00 committed by Gitee
commit a2a1d2369c
2 changed files with 98 additions and 1 deletions


@ -6,7 +6,7 @@
Summary: Intelligent ops toolkit for openEuler
Name: gala-gopher
Version: 1.0.2
Release: 3
Release: 4
License: Mulan PSL v2
URL: https://gitee.com/openeuler/gala-gopher
Source: %{name}-%{version}.tar.gz
@ -41,6 +41,7 @@ Patch18: fix-fix-install-error.patch
Patch19: bugfix-zombie-task.patch
Patch20: fix-add-default-data-of-event-conf.patch
Patch21: fix-access-violation.patch
Patch22: ioprobe-fix-command-injection.patch
%description
gala-gopher is a low-overhead eBPF-based probes framework
@ -100,6 +101,9 @@ fi
/usr/lib/systemd/system/gala-gopher.service
%changelog
* Fri Mar 8 2024 Zhen Chen <chenzhen126@huawei.com> - 1.0.2-4
- fix command injection in ioprobe
* Fri Jun 9 2023 Tangxin Xie <xietangxin@huawei.com> - 1.0.2-3
- fix httpprobe find libssl path
Fix segmentation fault of gala-gopher cmd


@ -0,0 +1,93 @@
From e37d4df29ff7191bff516f30a0640ed1a0791264 Mon Sep 17 00:00:00 2001
From: Vchanger <chenzhen126@huawei.com>
Date: Mon, 4 Mar 2024 20:22:55 +0800
Subject: [PATCH] ioprobe: fix command injection
---
src/common/common.h | 1 +
src/common/util.c | 24 +++++++++++++++++++
.../extends/ebpf.probe/src/ioprobe/ioprobe.c | 8 ++++++-
3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/src/common/common.h b/src/common/common.h
index e7a8dee..5965444 100644
--- a/src/common/common.h
+++ b/src/common/common.h
@@ -196,5 +196,6 @@ int __snprintf(char **buf, const int bufLen, int *remainLen, const char *format,
char is_digit_str(const char *s);
int get_system_uuid(char *buffer, unsigned int size);
int copy_file(const char *dst_file, const char *src_file);
+int check_path_for_security(const char *path);
#endif
diff --git a/src/common/util.c b/src/common/util.c
index 98d5b12..9f7c861 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -22,6 +22,9 @@
#include <stdarg.h>
#include "common.h"
+const char* command_injection_characters[] = {"|", ";", "&", "$", ">", "<", "(", ")", "./", "/.", "?", "*",
+ "\'", "`", "[", "]", "\\", "!", "\n"};
+
char *get_cur_date(void)
{
/* return date str, ex: 2021/05/17 */
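Review bot: `command_injection_characters` on the first added line of this hunk has external linkage and no declaration in common.h, so the table leaks into the global namespace and its pointer slots stay writable from any other translation unit; since check_path_for_security() in the next hunk is its only visible user, it should be `static const char *const command_injection_characters[] = { ... };`. The name also undersells the contents: `"./"` and `"/."` are two-character substrings rather than characters, so a line such as `/* shell metacharacters and path-traversal fragments rejected by check_path_for_security() */` above the table would spare the next reader a guess. The body of get_cur_date() continues outside the hunk.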
@@ -240,5 +243,26 @@ int copy_file(const char *dst_file, const char *src_file) {
free(buffer);
fclose(fp1);
fclose(fp2);
+ return 0;
+}
+
+/*
+ * Check the path to avoid command injection
+ * @path: path executed as command
+ */
+int check_path_for_security(const char *path)
+{
+ if (path == NULL || strlen(path) == 0) {
+ return 0;
+ }
+
+ int command_injection_characters_len = sizeof(command_injection_characters) / sizeof(command_injection_characters[0]);
+
+ for (int i = 0; i < command_injection_characters_len; ++i) {
+ if (strstr(path, command_injection_characters[i])) {
+ return 1;
+ }
+ }
+
return 0;
}
\ No newline at end of file
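Review bot: The denylist consulted in the loop of check_path_for_security() is incomplete for a string that its header comment says is executed as a command: double quote, space, tab, carriage return, `{`, `}`, `~` and `#` are all shell-significant and none of them is rejected, so at minimum the table should gain `"\"", " ", "\t", "\r", "{", "}", "~", "#"`. A sturdier contract for this use would be an allowlist on the device name itself (`isalnum((unsigned char)c)` plus `_ . : -`) rather than substring filtering of the composed path, and `..` is only caught here indirectly through `"./"` and `"/."`, so a generic path ending in `..` passes. NULL and `""` return 0 and are therefore reported as clean, which a caller may not expect; the comment should say so: `* @return 1 if a denylisted substring is found, 0 otherwise (NULL and "" count as clean)`. The `strlen(path) == 0` guard can be written `path[0] == '\0'`.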
diff --git a/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c b/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
index af7b1ea..dc809dd 100644
--- a/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
+++ b/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
@@ -108,7 +108,7 @@ static char* __get_first_letter_pos(char *buf)
pos++;
p = buf + pos;
}
-
+
if (pos >= len) {
return NULL;
}
@@ -166,6 +166,12 @@ static int get_devt(char *dev_name, int *major, int *minor)
sys_file[0] = 0;
(void)snprintf(sys_file, PATH_LEN, "/sys/block/%s/dev", dev_name);
+
+ if (check_path_for_security(sys_file)) {
+ fprintf(stderr, "invalid dev name\n", dev_name);
+ return -1;
+ }
+
if (access(sys_file, 0)) {
sys_file[0] = 0;
(void)snprintf(sys_file, PATH_LEN, "/sys/block/*/%s/../dev", dev_name);
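Review bot: `fprintf(stderr, "invalid dev name\n", dev_name);` in the added block passes `dev_name` with no matching conversion, so the argument is silently dropped (and `-Wformat` warns about it); because this branch runs precisely when the name contains a rejected sequence, the safer fix is to drop the argument rather than add `%s`: `fprintf(stderr, "invalid dev name\n");`. The `snprintf` result just above the check is discarded, so a `dev_name` longer than PATH_LEN allows is truncated and only the truncated prefix is screened; capturing the return value and rejecting `ret < 0 || ret >= PATH_LEN` closes that gap. The filter is applied to the composed `sys_file` rather than to `dev_name`, and the second `snprintf` on the hunk's last line builds a path containing `*` and `/..` that the same filter would itself reject, so that fallback presumably relies on the first check alone — an allowlist check on `dev_name` before either `snprintf` would make that explicit. get_devt() continues past the hunk, so how `sys_file` is consumed is not visible here.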
--
2.33.0