From 5e2e13aac2627023354038a25fdb8c5327c4eb6a Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Wed, 21 Mar 2012 09:34:39 +0530 Subject: [PATCH] review all user input, system(), and `` --- src/commands/desc | 10 +++++++--- src/commands/perms | 1 + src/commands/post-compile/ssh-authkeys | 3 ++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/commands/desc b/src/commands/desc index 32d0a94..77466ee 100755 --- a/src/commands/desc +++ b/src/commands/desc @@ -16,14 +16,18 @@ repo=$1; shift # this shell script takes arguments that are completely under the user's # control, so make sure you quote those suckers! - gitolite creator "$repo" $GL_USER || die You are not authorised +# if it passes, $repo is a valid repo name so it is known to contain only sane +# characters. This is because 'gitolite creator' return true only if there +# *is* a repo of that name and it has a gl-creator file that contains the same +# text as $GL_USER. + descfile=`gitolite query-rc GL_REPO_BASE`/"$repo".git/description if [ -z "$1" ] then - [ -r $descfile ] && cat $descfile + [ -r "$descfile" ] && cat "$descfile" exit 0 fi -echo "$*" > $descfile +echo "$*" > "$descfile" diff --git a/src/commands/perms b/src/commands/perms index 45004dc..08faff4 100755 --- a/src/commands/perms +++ b/src/commands/perms @@ -69,6 +69,7 @@ sub setperms { my ( $op, $role, $user ) = @_; _die "Invalid syntax. Please re-run with '-h' for detailed usage" if $op ne '+' and $op ne '-'; _die "Invalid role '$role'; check the rc file" if not $rc{ROLES}{$role}; + _die "Invalid user '$user'" if not $user =~ $USERNAME_PATT; my $text = ''; my @text = slurp($pf) if -f $pf; diff --git a/src/commands/post-compile/ssh-authkeys b/src/commands/post-compile/ssh-authkeys index 6f8f23f..792ffc5 100755 --- a/src/commands/post-compile/ssh-authkeys +++ b/src/commands/post-compile/ssh-authkeys 
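Review bot: The final line of the `src/commands/desc` hunk, `echo "$*" > "$descfile"`, still passes user-controlled text to `echo`. Depending on the shell's `echo`, a description that begins with `-n` or `-e`, or that contains backslash sequences, is interpreted instead of being written verbatim. `printf '%s\n' "$*" > "$descfile"` writes the text exactly as given. On the context line `gitolite creator "$repo" $GL_USER`, `$GL_USER` stays unquoted directly under the "quote those suckers" comment; `"$GL_USER"` would be consistent even if that value is set by the server rather than the user. The added comment should read "returns true", and it makes the safety of the `$descfile` path depend on `gitolite creator` rejecting odd repo names, which cannot be confirmed from this hunk.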
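Review bot: The new `$user` check in `setperms` is only as strong as `$USERNAME_PATT`, whose definition is outside this hunk. If that pattern ends in `$` rather than `\z`, a name with a trailing newline still matches, which matters if `$user` ends up in the line-oriented file read by `slurp($pf)`; please confirm it is anchored with `\A` and `\z`. The condition also reads more directly as `_die "Invalid user '$user'" if $user !~ $USERNAME_PATT;`, which avoids relying on the low precedence of `not`. A short comment such as `# $user is written into the perms file, so restrict it to the username charset` would record why the check exists. The body of `setperms` continues past the hunk.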
@@ -87,6 +87,7 @@ sub fp { my $in = shift || ''; if ( $in =~ /\.pub$/ ) { # single pubkey file + _die "bad pubkey file '$in'" unless $in =~ $REPONAME_PATT; return fp_file($in); } elsif ( -f $in ) { # an authkeys file @@ -99,7 +100,7 @@ sub fp { sub fp_file { my $f = shift; - my $fp = `ssh-keygen -l -f $f`; + my $fp = `ssh-keygen -l -f '$f'`; chomp($fp); _die "fingerprinting failed for $f" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/; $fp = $1;
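Review bot: The `$REPONAME_PATT` check is added in `fp()` rather than in `fp_file()`, so it guards the backtick call only when `fp_file` is reached through this `.pub` branch. Any other caller of `fp_file` (none is visible here) would pass an unchecked name to the shell, and the `-f $in` branch gets no equivalent check. Moving `_die "bad pubkey file '$f'" unless $f =~ $REPONAME_PATT;` to the top of `fp_file` would keep the validation next to the command it protects. Reusing a repo-name pattern for a file path also deserves a comment, for example `# REPONAME_PATT doubles as the allowed-characters check for key file paths`, because its definition is not in this hunk and a reader cannot tell what it admits. The body of `fp` continues past the hunk.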
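Review bot: Wrapping `$f` in single quotes inside the backticks in `fp_file` still sends the name through a shell, so a name containing a `'` ends the quoting. The line is therefore safe only while every caller has validated `$f` beforehand. A list-form pipe open runs `ssh-keygen` without a shell and removes that dependency, as sketched below. The exit status of `ssh-keygen` is not checked either, although the fingerprint regex that follows does catch empty output. `fp_file` continues past the end of the hunk.

```perl
sub fp_file {
    my $f = shift;
    # list-form pipe open: the arguments go straight to ssh-keygen, no shell parses $f
    open( my $kg, '-|', 'ssh-keygen', '-l', '-f', $f )
      or _die "cannot run ssh-keygen: $!";
    my $fp = do { local $/; <$kg> };
    close $kg;
    $fp = '' unless defined $fp;
    chomp($fp);
    # … unchanged: fingerprint regex check and $fp = $1 …
```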