The Samba-Bugzilla – Attachment 13499 Details for Bug 12950: modprinter.pl uses perl in an insecure way
[patch] patch for 4.7
0001-s3-script-Untaint-user-supplied-data-in-modprinter.p.patch (text/plain), 1.93 KB, created by Andreas Schneider on 2017-08-24 16:39:33 UTC

Description: patch for 4.7
Filename: 0001-s3-script-Untaint-user-supplied-data-in-modprinter.p.patch
MIME Type: text/plain
Creator: Andreas Schneider
Created: 2017-08-24 16:39:33 UTC
Size: 1.93 KB
Attachment state: patch, obsolete
>From d9eef6bc92d4798e75e051156c0540869ef203dd Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 8 Aug 2017 08:40:34 +0200 >Subject: [PATCH] s3:script: Untaint user supplied data in modprinter.pl > >spoolss_SetPrinter fails because of the error produced by modprinter.pl. > >Perl error: >Insecure dependency in open while running setgid at modprinter.pl line 76. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12950 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit f44917743512fa40f2833629dfd781f7c691ce62) >--- > source3/script/tests/printing/modprinter.pl | 15 ++++++++++++--- > 1 file changed, 12 insertions(+), 3 deletions(-) > >diff --git a/source3/script/tests/printing/modprinter.pl b/source3/script/tests/printing/modprinter.pl >index 9e5e3292c6c..ec1ebcd7ab8 100755 >--- a/source3/script/tests/printing/modprinter.pl >+++ b/source3/script/tests/printing/modprinter.pl >@@ -67,7 +67,14 @@ if (!defined($share_name)) { > die "share name not defined"; > } > >-my $tmp = $opt_smb_conf.$$; >+my $smb_conf_file = $opt_smb_conf; >+if ($smb_conf_file =~ /^(.*)$/) { >+ $smb_conf_file = $1; # untaint file name >+} else { >+ die "Invalid file name $smb_conf_file"; >+} >+ >+my $tmp = $smb_conf_file.$$; > > my $section = undef; > my $within_section = 0; >@@ -75,7 +82,7 @@ my $found_section = 0; > > open(CONFIGFILE_NEW, "+>$tmp") || die "Unable top open conf file $tmp"; > >-open (CONFIGFILE, "+<$opt_smb_conf") || die "Unable to open config file $opt_smb_conf"; >+open (CONFIGFILE, "+<$smb_conf_file") || die "Unable to open config file $smb_conf_file"; > while (<CONFIGFILE>) { > my $line = $_; > chomp($_); 
>@@ -123,7 +130,9 @@ close (CONFIGFILE_NEW); > if ($opt_delete && ($found_section == 0)) { > die "share $share_name not found"; > } >-system("cp", "$tmp", "$opt_smb_conf"); >+ >+$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH >+system("cp", "$tmp", "$smb_conf_file"); > unlink $tmp; > > exit 0; >-- >2.14.1 >
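Review bot: in the first hunk (`@@ -67,7 +67,14 @@`), the untaint pattern `/^(.*)$/` matches any value, so it silences taint mode rather than validating the file name: the `else { die "Invalid file name ..." }` branch can only be reached by a value with an embedded newline, since `.` does not match newline, and because `$` also matches before a trailing newline that newline is silently dropped from `$1`. A pattern that states what a valid smb.conf path looks like, restricted to path characters and anchored with `\z` (for example `m{^([\w./-]+)\z}`), keeps the taint check meaningful while still untainting. The added `my $tmp = $smb_conf_file.$$;` also keeps a predictable temporary name next to the config file; `File::Temp` with `DIR` set to the config's directory would avoid that.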
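Review bot: in the second hunk (`@@ -75,7 +82,7 @@`), the change only swaps in `$smb_conf_file`, but `open (CONFIGFILE, "+<$smb_conf_file")` stays in the two-argument form, where mode and name are parsed out of one string; with a name that comes from the caller and a permissive untaint, the three-argument form `open(CONFIGFILE, '+<', $smb_conf_file)` passes the name literally and is the idiomatic choice (the same applies to the `+>$tmp` open in the context line above it). While touching this region, the context line's message "Unable top open conf file $tmp" has a typo ("to open").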
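Review bot: in the third hunk (`@@ -123,7 +130,9 @@`), the return value of `system("cp", "$tmp", "$smb_conf_file")` is never checked before `unlink $tmp` and `exit 0`, so a failed copy (cp absent from the hard-coded PATH, or a permission error on the target) discards the only copy of the edited config and still reports success; check `system(...) == 0 or die "cp failed: $?"` before the unlink, or use `File::Copy::move`, which needs no external command and therefore no PATH handling at all. Setting `$ENV{'PATH'} = '/bin:/usr/bin'` right before the call is sufficient for list-form `system`, which does not go through a shell, but the perlsec idiom also deletes `IFS`, `CDPATH`, `ENV` and `BASH_ENV`, and doing that once at the top of the script makes the intent clearer than an inline assignment at the call site.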
Flags: gd: review+