From c09d4492046cabf92de68c61aa7fd333cf3bfc84 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Thu, 29 Nov 2007 06:04:30 +0000 Subject: [PATCH] Reject unexpected redirections: (redir_authorized): New parameter expected, reject when zero. (doredir): Pass !redir_fp, do not close it. Before, an unexpected redirection silently replaced the existing one. (dopipe): Pass !redir_fp. Before, an unexpected redirection silently replaced the existing one, leaking its FILE. (doexecute): Pass 1. --- src/client/servcmd.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/client/servcmd.c b/src/client/servcmd.c index 4ea48de1..63190a7a 100644 --- a/src/client/servcmd.c +++ b/src/client/servcmd.c @@ -158,7 +158,7 @@ fname(char *s) } static int -redir_authorized(char *arg, char *attempt) +redir_authorized(char *arg, char *attempt, int expected) { size_t seen = seen_input(arg); @@ -167,6 +167,12 @@ redir_authorized(char *arg, char *attempt) return 0; } + if (!expected) { + fprintf(stderr, "WARNING! Server attempted to %s unexpectedly\n", + attempt); + return 0; + } + if (!seen || (input_to_forget && input_to_forget != seen)) { fprintf(stderr, "WARNING! Server attempted to %s %s\n", attempt, arg); @@ -182,12 +188,7 @@ doredir(char *p) int mode; int fd; - if (redir_fp) { - (void)fclose(redir_fp); - redir_fp = NULL; - } - - if (!redir_authorized(p, "redirect to file")) + if (!redir_authorized(p, "redirect to file", !redir_fp)) return; if (*p++ != '>') { fprintf(stderr, "WARNING! Weird redirection %s", p); @@ -222,7 +223,7 @@ doredir(char *p) static void dopipe(char *p) { - if (!redir_authorized(p, "pipe to shell command")) + if (!redir_authorized(p, "pipe to shell command", !redir_fp)) return; if (*p++ != '|') { fprintf(stderr, "WARNING! Weird pipe %s", p); @@ -247,7 +248,7 @@ doexecute(char *p) { int fd; - if (!redir_authorized(p, "execute script file")) + if (!redir_authorized(p, "execute script file", 1)) return -1; p = fname(p);