From e37d4df29ff7191bff516f30a0640ed1a0791264 Mon Sep 17 00:00:00 2001
From: Vchanger <chenzhen126@huawei.com>
Date: Mon, 4 Mar 2024 20:22:55 +0800
Subject: [PATCH] ioprobe: fix command injection

---
 src/common/common.h                           |  1 +
 src/common/util.c                             | 24 +++++++++++++++++++
 .../extends/ebpf.probe/src/ioprobe/ioprobe.c  |  8 ++++++-
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/common/common.h b/src/common/common.h
index e7a8dee..5965444 100644
--- a/src/common/common.h
+++ b/src/common/common.h
@@ -196,5 +196,6 @@ int __snprintf(char **buf, const int bufLen, int *remainLen, const char *format,
 char is_digit_str(const char *s);
 int get_system_uuid(char *buffer, unsigned int size);
 int copy_file(const char *dst_file, const char *src_file);
+int check_path_for_security(const char *path);
 
 #endif
diff --git a/src/common/util.c b/src/common/util.c
index 98d5b12..9f7c861 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -22,6 +22,9 @@
 #include <stdarg.h>
 #include "common.h"
 
+const char* command_injection_characters[] = {"|", ";", "&", "$", ">", "<", "(", ")", "./", "/.", "?", "*",
+                                    "\'", "`", "[", "]", "\\", "!", "\n"};
+
 char *get_cur_date(void)
 {
     /* return date str, ex: 2021/05/17 */
@@ -240,5 +243,26 @@ int copy_file(const char *dst_file, const char *src_file) {
     free(buffer);
     fclose(fp1);
     fclose(fp2);
+    return 0;
+}
+
+/*
+ * Check the path to avoid command injection
+ * @path: path executed as command
+ */
+int check_path_for_security(const char *path)
+{
+    if (path == NULL || strlen(path) == 0) {
+        return 0;
+    }
+
+    int command_injection_characters_len = sizeof(command_injection_characters) / sizeof(command_injection_characters[0]);
+
+    for (int i = 0; i < command_injection_characters_len; ++i) {
+        if (strstr(path, command_injection_characters[i])) {
+            return 1;
+        }
+    }
+
     return 0;
 }
\ No newline at end of file
diff --git a/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c b/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
index af7b1ea..dc809dd 100644
--- a/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
+++ b/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
@@ -108,7 +108,7 @@ static char* __get_first_letter_pos(char *buf)
         pos++;
         p = buf + pos;
     }
-    
+
     if (pos >= len) {
         return NULL;
     }
@@ -166,6 +166,12 @@ static int get_devt(char *dev_name, int *major, int *minor)
 
     sys_file[0] = 0;
     (void)snprintf(sys_file, PATH_LEN, "/sys/block/%s/dev", dev_name);
+
+    if (check_path_for_security(sys_file)) {
+        fprintf(stderr, "invalid dev name\n", dev_name);
+        return -1;
+    }
+
     if (access(sys_file, 0)) {
         sys_file[0] = 0;
         (void)snprintf(sys_file, PATH_LEN, "/sys/block/*/%s/../dev", dev_name);
-- 
2.33.0