From e37d4df29ff7191bff516f30a0640ed1a0791264 Mon Sep 17 00:00:00 2001
From: Vchanger <chenzhen126@huawei.com>
Date: Mon, 4 Mar 2024 20:22:55 +0800
Subject: [PATCH] ioprobe: fix command injection
---
src/common/common.h | 1 +
src/common/util.c | 24 +++++++++++++++++++
.../extends/ebpf.probe/src/ioprobe/ioprobe.c | 8 ++++++-
3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/src/common/common.h b/src/common/common.h
|
|
index e7a8dee..5965444 100644
|
|
--- a/src/common/common.h
|
|
+++ b/src/common/common.h
|
|
@@ -196,5 +196,6 @@ int __snprintf(char **buf, const int bufLen, int *remainLen, const char *format,
|
|
char is_digit_str(const char *s);
|
|
int get_system_uuid(char *buffer, unsigned int size);
|
|
int copy_file(const char *dst_file, const char *src_file);
|
|
+int check_path_for_security(const char *path);
|
|
|
|
#endif
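Review bot: The new prototype `check_path_for_security` returns nonzero when the path is rejected and 0 when it passes, which is the opposite of what a `check_...` name suggests, and the header gives callers no hint of that contract. Add a Doxygen comment above the declaration, e.g. `/** Returns 1 if @path contains a shell metacharacter and must not be used to build a command, 0 if it passes; NULL or an empty string returns 0. */`. The definition in src/common/util.c only carries a two-line comment that does not state the return values either.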
|
|
diff --git a/src/common/util.c b/src/common/util.c
|
|
index 98d5b12..9f7c861 100644
|
|
--- a/src/common/util.c
|
|
+++ b/src/common/util.c
|
|
@@ -22,6 +22,9 @@
|
|
#include <stdarg.h>
|
|
#include "common.h"
|
|
|
|
+const char* command_injection_characters[] = {"|", ";", "&", "$", ">", "<", "(", ")", "./", "/.", "?", "*",
|
|
+ "\'", "`", "[", "]", "\\", "!", "\n"};
|
|
+
|
|
char *get_cur_date(void)
|
|
{
|
|
/* return date str, ex: 2021/05/17 */
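Review bot: `command_injection_characters` on the first added line is defined with external linkage and as an array of mutable pointers, although it is only a lookup table for `check_path_for_security` in this same file. Declare it `static const char *const command_injection_characters[] = { ... };` so it cannot be rebound or clash with a same-named symbol in another translation unit and is placed in read-only data. A short comment stating that this is a denylist of shell metacharacters checked with `strstr` would also help the next reader, since the two-entry substrings (`"./"`, `"/."`) are not single characters. `get_cur_date` continues outside the hunk.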
|
|
@@ -240,5 +243,26 @@ int copy_file(const char *dst_file, const char *src_file) {
|
|
free(buffer);
|
|
fclose(fp1);
|
|
fclose(fp2);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+/*
|
|
+ * Check the path to avoid command injection
|
|
+ * @path: path executed as command
|
|
+ */
|
|
+int check_path_for_security(const char *path)
|
|
+{
|
|
+ if (path == NULL || strlen(path) == 0) {
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ int command_injection_characters_len = sizeof(command_injection_characters) / sizeof(command_injection_characters[0]);
|
|
+
|
|
+ for (int i = 0; i < command_injection_characters_len; ++i) {
|
|
+ if (strstr(path, command_injection_characters[i])) {
|
|
+ return 1;
|
|
+ }
|
|
+ }
|
|
+
|
|
return 0;
|
|
}
|
|
\ No newline at end of file
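Review bot: `check_path_for_security` is a denylist, so any byte not listed in `command_injection_characters` passes (whitespace is the obvious omission), while the only visible caller, `get_devt` in ioprobe.c, only ever needs a `/sys/block/<dev>/dev` style path, so an allowlist of the characters such a path can contain is both simpler and closed. Independently, a NULL or empty `path` returns 0 and is therefore treated as safe, which is unlikely to be what a caller about to build a command wants; returning 1 there is the conservative choice unless some caller not visible here relies on the current result. `command_injection_characters_len` and `i` should be `size_t`, which is what `sizeof` yields. The allowlist version below keeps the original's `"./"` / `"/."` traversal rejection and needs `#include <ctype.h>` in the file's include block.

```c
int check_path_for_security(const char *path)
{
    if (path == NULL || *path == '\0') {
        return 1;   /* nothing usable: reject rather than silently pass */
    }
    /* allowlist: letters, digits, '/', '_', '-' and '.' are all a sysfs path needs */
    for (const unsigned char *p = (const unsigned char *)path; *p != '\0'; p++) {
        if (!isalnum(*p) && *p != '/' && *p != '_' && *p != '-' && *p != '.') {
            return 1;
        }
    }
    /* '.' is fine inside a name, but "./" and "/." still mean traversal */
    if (strstr(path, "./") != NULL || strstr(path, "/.") != NULL) {
        return 1;
    }
    return 0;
}
```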
|
|
diff --git a/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c b/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
|
|
index af7b1ea..dc809dd 100644
|
|
--- a/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
|
|
+++ b/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c
|
|
@@ -108,7 +108,7 @@ static char* __get_first_letter_pos(char *buf)
|
|
pos++;
|
|
p = buf + pos;
|
|
}
|
|
-
|
|
+
|
|
if (pos >= len) {
|
|
return NULL;
|
|
}
|
|
@@ -166,6 +166,12 @@ static int get_devt(char *dev_name, int *major, int *minor)
|
|
|
|
sys_file[0] = 0;
|
|
(void)snprintf(sys_file, PATH_LEN, "/sys/block/%s/dev", dev_name);
|
|
+
|
|
+ if (check_path_for_security(sys_file)) {
|
|
+ fprintf(stderr, "invalid dev name\n", dev_name);
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (access(sys_file, 0)) {
|
|
sys_file[0] = 0;
|
|
(void)snprintf(sys_file, PATH_LEN, "/sys/block/*/%s/../dev", dev_name);
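Review bot: `fprintf(stderr, "invalid dev name\n", dev_name);` passes `dev_name` without a conversion specifier, so the rejected name is never printed and `-Wformat-extra-args` fires; either drop the argument or write `fprintf(stderr, "invalid dev name: %s\n", dev_name);`. The check is also run on `sys_file`, the output of an `snprintf` bounded by `PATH_LEN`, rather than on `dev_name` itself: if `dev_name` is long enough to be truncated, any metacharacter past the cut is never seen, and the second format on the last line (`/sys/block/*/%s/../dev`) is not checked at all (it could not be, since `*` and `/.` are on the denylist). Checking the input once, `if (check_path_for_security(dev_name)) {` before the first `snprintf`, covers both uses; `get_devt` continues outside the hunk, so I cannot see where `dev_name` is ultimately consumed.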
|
|
--
2.33.0