feature "trust-input" - Addresses CVE-2008-7315

If trust-input == 1: allow backticks and $() constructs else (default): replace backticks with single-quotes and remove the $ from $()
kckrinke · Oct 9, 2015 · 6adc44c · 6adc44c
1 parent 80f2d9c
commit 6adc44c
Show file tree

Hide file tree

Showing 16 changed files with 53 additions and 14 deletions.
diff --git a/lib/UI/Dialog.pm b/lib/UI/Dialog.pm
@@ -68,6 +68,8 @@ sub new {
     $self->_debug("ENV->UI_DIALOG: ".($ENV{'UI_DIALOG'}||'NULL'),2);
     unshift(@{$cfg->{'order'}},$ENV{'UI_DIALOG'}) if $ENV{'UI_DIALOG'};
 
+    $cfg->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     my @opts = ();
     foreach my $opt (keys(%$cfg)) { push(@opts,$opt,$cfg->{$opt}); }
 

diff --git a/lib/UI/Dialog/Backend.pm b/lib/UI/Dialog/Backend.pm
@@ -499,9 +499,10 @@ sub _merge_attrs {
 					$list->[$i] = $self->_esc_text($list->[$i]);
 				}
 			}
-		} else {
-			$args->{'list'} = $self->_esc_text($args->{'list'});
-		}
+    } else {
+      # This isn't an array, how did we get here? Programmer error?
+      $args->{'list'} = $self->_esc_text($list);
+    }
     }
     $args->{'clear'} = $args->{'clearbefore'} || $args->{'clearafter'} || $args->{'autoclear'} || 0;
     $args->{'beep'} = $args->{'beepbefore'} || $args->{'beepafter'} || $args->{'autobeep'} || 0;
@@ -535,17 +536,23 @@ sub _esc_text {
     my $self = $_[0];
     my $text = $_[1];
     unless (ref($text)) {
-		$text =~ s!\"!\\"!gm;
-		$text =~ s!\`!\\`!gm;
-		$text =~ s!\(!\(!gm;
-		$text =~ s!\)!\)!gm;
-		$text =~ s!\[!\[!gm;
-		$text =~ s!\]!\]!gm;
-		$text =~ s!\{!\{!gm;
-		$text =~ s!\}!\}!gm;
-		$text =~ s!\$!\\\$!gm;
-		$text =~ s!\>!\>!gm;
-		$text =~ s!\<!\<!gm;
+      if ($self->{'_opts'}->{'trust-input'} != 0) {
+        $text =~ s!`!\`!gm;
+        $text =~ s!\$!\$!gm;
+      } else {
+        # untrusted input, replace ` with ' and drop the $ from $()
+        $text =~ s!`!\'!gm;
+        $text =~ s!\$\(!\(!gm;
+      }
+      $text =~ s!"!\"!gm;
+      $text =~ s!\(!\(!gm;
+      $text =~ s!\)!\)!gm;
+      $text =~ s!\[!\[!gm;
+      $text =~ s!\]!\]!gm;
+      $text =~ s!\{!\{!gm;
+      $text =~ s!\}!\}!gm;
+      $text =~ s!>!\>!gm;
+      $text =~ s!<!\<!gm;
     }
     return($text);
 }

diff --git a/lib/UI/Dialog/Backend/ASCII.pm b/lib/UI/Dialog/Backend/ASCII.pm
@@ -78,6 +78,8 @@ sub new {
 									$self->_find_bin('more')  );
     $self->{'_opts'}->{'stty'} = $cfg->{'stty'} || $self->_find_bin('stty');
 
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     $self->{'_state'} = {'rv'=>0};
 
     return($self);

diff --git a/lib/UI/Dialog/Backend/CDialog.pm b/lib/UI/Dialog/Backend/CDialog.pm
@@ -100,6 +100,8 @@ sub new {
     $self->{'_opts'}->{'yes-label'} = $cfg->{'yes-label'} || undef();
     $self->{'_opts'}->{'no-label'} = $cfg->{'no-label'} || undef();
 
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     $self->_determine_dialog_variant();
     return($self);
 }

diff --git a/lib/UI/Dialog/Backend/GDialog.pm b/lib/UI/Dialog/Backend/GDialog.pm
@@ -71,6 +71,8 @@ sub new {
 		croak("the gdialog binary could not be found at: ".$self->{'_opts'}->{'bin'});
     }
 
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     return($self);
 }
 

diff --git a/lib/UI/Dialog/Backend/KDialog.pm b/lib/UI/Dialog/Backend/KDialog.pm
@@ -71,6 +71,9 @@ sub new {
     unless (-x $self->{'_opts'}->{'bin'}) {
 		croak("the kdialog binary could not be found at: ".$self->{'_opts'}->{'bin'});
     }
+
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     return($self);
 }
 

diff --git a/lib/UI/Dialog/Backend/NotifySend.pm b/lib/UI/Dialog/Backend/NotifySend.pm
@@ -69,6 +69,8 @@ sub new {
     $self->{'_opts'}->{'category'} = $self->cfg_escape($cfg->{'category'});
     $self->{'_opts'}->{'hint'} = $self->cfg_escape($cfg->{'hint'});
 
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     return($self);
 }
 

diff --git a/lib/UI/Dialog/Backend/Whiptail.pm b/lib/UI/Dialog/Backend/Whiptail.pm
@@ -72,6 +72,9 @@ sub new {
     unless (-x $self->{'_opts'}->{'bin'}) {
 		croak("the whiptail binary could not be found at: ".$self->{'_opts'}->{'bin'});
     }
+
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     return($self);
 }
 

diff --git a/lib/UI/Dialog/Backend/XDialog.pm b/lib/UI/Dialog/Backend/XDialog.pm
@@ -164,6 +164,8 @@ sub new {
     $self->{'_opts'}->{'timeout'} = $cfg->{'timeout'} || 0;
     $self->{'_opts'}->{'wait'} = $cfg->{'wait'} || 0;
 
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     return($self);
 }
 

diff --git a/lib/UI/Dialog/Backend/XOSD.pm b/lib/UI/Dialog/Backend/XOSD.pm
@@ -75,6 +75,9 @@ sub new {
     unless (-x $self->{'_opts'}->{'bin'}) {
 		croak("the osd_cat binary could not be found at: ".$self->{'_opts'}->{'bin'});
     }
+
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     return($self);
 }
 

diff --git a/lib/UI/Dialog/Backend/Zenity.pm b/lib/UI/Dialog/Backend/Zenity.pm
@@ -74,6 +74,8 @@ sub new {
 		croak("the zenity binary could not be found at: ".$self->{'_opts'}->{'bin'});
     }
 
+    $self->{'_opts'}->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     my $command = $self->{'_opts'}->{'bin'}." --version";
     my $version = `$command 2>&1`;
     chomp( $version );

diff --git a/lib/UI/Dialog/Console.pm b/lib/UI/Dialog/Console.pm
@@ -57,6 +57,8 @@ sub new {
     $self->_debug("ENV->UI_DIALOG: ".($ENV{'UI_DIALOG'}||'NULL'),2);
     unshift(@{$cfg->{'order'}},$ENV{'UI_DIALOG'}) if $ENV{'UI_DIALOG'};
 
+    $cfg->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     my @opts = ();
     foreach my $opt (keys(%$cfg)) { push(@opts,$opt,$cfg->{$opt}); }
 

diff --git a/lib/UI/Dialog/GNOME.pm b/lib/UI/Dialog/GNOME.pm
@@ -57,6 +57,8 @@ sub new {
     $self->_debug("ENV->UI_DIALOG: ".($ENV{'UI_DIALOG'}||'NULL'),2);
     unshift(@{$cfg->{'order'}},$ENV{'UI_DIALOG'}) if $ENV{'UI_DIALOG'};
 
+    $cfg->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     my @opts = ();
     foreach my $opt (keys(%$cfg)) { push(@opts,$opt,$cfg->{$opt}); }
 

diff --git a/lib/UI/Dialog/Gauged.pm b/lib/UI/Dialog/Gauged.pm
@@ -68,6 +68,8 @@ sub new {
     $self->_debug("ENV->UI_DIALOG: ".($ENV{'UI_DIALOG'}||'NULL'),2);
     unshift(@{$cfg->{'order'}},$ENV{'UI_DIALOG'}) if $ENV{'UI_DIALOG'};
 
+    $cfg->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     my @opts = ();
     foreach my $opt (keys(%$cfg)) { push(@opts,$opt,$cfg->{$opt}); }
 

diff --git a/lib/UI/Dialog/KDE.pm b/lib/UI/Dialog/KDE.pm
@@ -57,6 +57,8 @@ sub new {
     $self->_debug("ENV->UI_DIALOG: ".($ENV{'UI_DIALOG'}||'NULL'),2);
     unshift(@{$cfg->{'order'}},$ENV{'UI_DIALOG'}) if $ENV{'UI_DIALOG'};
 
+    $cfg->{'trust-input'} = ($cfg->{'trust-input'}==1) ? 1 : 0;
+
     my @opts = ();
     foreach my $opt (keys(%$cfg)) { push(@opts,$opt,$cfg->{$opt}); }
 

diff --git a/lib/UI/Dialog/Screen/Menu.pm b/lib/UI/Dialog/Screen/Menu.pm
@@ -33,6 +33,7 @@ sub new {
           PATH => (defined $args{PATH}) ? $args{PATH} : undef,
           beepbefore => (defined $args{beepbefore}) ? $args{beepbefore} : undef,
           beepafter => (defined $args{beepafter}) ? $args{beepafter} : undef,
+          'trust-input' = ($args{'trust-input'}==1) ? 1 : 0;
          );
     }
     unless (exists $args{menu}) {