Error out on attempts to inject command or variable substitution

into dhclient-script environment variables. Inspiration from todd@. ok henning@ deraadt@.
author: krw <krw@openbsd.org> 2004-05-07 23:05:19 +0000
committer: krw <krw@openbsd.org> 2004-05-07 23:05:19 +0000
commit: 2da92d1fd9706dbe382923dbd3664e6be0ff9582 (patch)
tree: 931ef2d333ffa65c11497b85d15d3887dcc35687
parent: This makes afsd drop priviledge to user _afs inside a chroot (the (diff)
download: wireguard-openbsd-2da92d1fd9706dbe382923dbd3664e6be0ff9582.tar.xz
wireguard-openbsd-2da92d1fd9706dbe382923dbd3664e6be0ff9582.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index a4d7d040bb0..808602cbaa8 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dhclient.c,v 1.49 2004/05/06 22:29:15 deraadt Exp $	*/
+/*	$OpenBSD: dhclient.c,v 1.50 2004/05/07 23:05:19 krw Exp $	*/
 
 /*
  * Copyright 2004 Henning Brauer <henning@openbsd.org>
@@ -2021,6 +2021,15 @@ script_set_env(struct client_state *client, const char *prefix,
 	if (client->scriptEnv[i] == NULL)
 		error("script_set_env: no memory for variable assignment");
 
+	/* No `` or $() command substitution allowed in environment values! */
+	for (i=0; i < strlen(value); i++)
+		switch (value[i]) {
+		case '`':
+		case '$':
+			error("illegal character (%c) in value '%s'", value[i],
+			    value);
+			/* not reached */
+		}
 	snprintf(client->scriptEnv[i], strlen(prefix) + strlen(name) +
 	    1 + strlen(value) + 1, "%s%s=%s", prefix, name, value);
 }
author	krw <krw@openbsd.org>	2004-05-07 23:05:19 +0000
committer	krw <krw@openbsd.org>	2004-05-07 23:05:19 +0000
commit	2da92d1fd9706dbe382923dbd3664e6be0ff9582 (patch)
tree	931ef2d333ffa65c11497b85d15d3887dcc35687
parent	This makes afsd drop priviledge to user _afs inside a chroot (the (diff)
download	wireguard-openbsd-2da92d1fd9706dbe382923dbd3664e6be0ff9582.tar.xz wireguard-openbsd-2da92d1fd9706dbe382923dbd3664e6be0ff9582.zip