Module: sip-router Branch: master Commit: 21eb073c25b66b110193f1607b93f256f7d9fdfa URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=21eb073c...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: Thu Sep 25 16:59:34 2014 +0200
exec: add parameter to control the option for bash exec safety check of CVE-2014-6271
- parameter: bash_safety - default is 1 (enabled), set to 0 to disable - just in case someone needs that kind of header and knows what he/she does
---
modules/exec/exec_hf.c | 6 ++++-- modules/exec/exec_mod.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/modules/exec/exec_hf.c b/modules/exec/exec_hf.c index e0e5491..bd7a3d4 100644 --- a/modules/exec/exec_hf.c +++ b/modules/exec/exec_hf.c @@ -52,6 +52,8 @@ #include "../../char_msg_val.h" #include "exec_hf.h"
+extern int exec_bash_safety; + /* should be environment variables set by header fields ? */ unsigned int setvars=1;
@@ -256,7 +258,7 @@ static int print_hf_var(struct hf_wrapper *w, int offset) memcpy(envvar, w->prefix, w->prefix_len); c=envvar+w->prefix_len; memcpy(c, hname, hlen ); c+=hlen; *c=EV_ASSIGN;c++; - if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) { + if (exec_bash_safety && !strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) { memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 ); c+=(w->u.hf->body.len-2); } else { @@ -265,7 +267,7 @@ static int print_hf_var(struct hf_wrapper *w, int offset) } for (wi=w->next_same; wi; wi=wi->next_same) { *c=HF_SEPARATOR;c++; - if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) { + if (exec_bash_safety && !strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) { memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 ); c+=(w->u.hf->body.len-2); } else { diff --git a/modules/exec/exec_mod.c b/modules/exec/exec_mod.c index 3aadf0f..b872456 100644 --- a/modules/exec/exec_mod.c +++ b/modules/exec/exec_mod.c @@ -44,6 +44,7 @@ MODULE_VERSION
unsigned int time_to_kill=0; +int exec_bash_safety=1;
static int mod_init( void );
@@ -77,6 +78,7 @@ static cmd_export_t cmds[] = { static param_export_t params[] = { {"time_to_kill", INT_PARAM, &time_to_kill}, {"setvars", INT_PARAM, &setvars }, + {"bash_safety", INT_PARAM, &exec_bash_safety }, {0, 0, 0} };