diff options
author | Erich Eckner <git@eckner.net> | 2017-10-23 12:29:37 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2017-10-23 12:29:37 +0200 |
commit | 001b21871c61e3a13a949173e429f86ea362959d (patch) | |
tree | 5b563f944b484d1c46916f82d7c7592f05d12d2f | |
parent | d05885c1afb96dc893d4eb763d2ee577a7686fb5 (diff) | |
download | builder-001b21871c61e3a13a949173e429f86ea362959d.tar.xz |
bin/slave-build-connect: repair, but still preven shell injections
-rwxr-xr-x | bin/slave-build-connect | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/bin/slave-build-connect b/bin/slave-build-connect index e773256..84abba1 100755 --- a/bin/slave-build-connect +++ b/bin/slave-build-connect @@ -5,13 +5,21 @@ if [ "${SSH_ORIGINAL_COMMAND%% *}" = "get-assignment" ] || \ [ "${SSH_ORIGINAL_COMMAND%% *}" = "return-assignment" ]; then - export slave="$1" - # this is somewhat cumbersome, but we want: - # - no expansion of special shell-chars (*,;,\n,&&,~,$HOME) - # - splitting of arguments on spaces - echo "${SSH_ORIGINAL_COMMAND#* }" | \ - xargs "${base_dir}/bin/${SSH_ORIGINAL_COMMAND%% *}" + + # small check to prevent some shell-injections + if echo "${SSH_ORIGINAL_COMMAND}" | \ + grep -q '[^-a-zA-Z0-9.+_]'; then + + >&2 printf 'Invalid command: "%s".\n' "${SSH_ORIGINAL_COMMAND}" + exit 42 + + fi + + slave="$1" /bin/sh -c "${base_dir}/bin/${SSH_ORIGINAL_COMMAND}" + else - >&2 echo "Invalid command: '${SSH_ORIGINAL_COMMAND%% *}'" + + >&2 printf 'Invalid command: "%s".\n' "${SSH_ORIGINAL_COMMAND}" exit 42 + fi |