From 5a684004adffb20dfacfb5c436f756764b5170f1 Mon Sep 17 00:00:00 2001 From: bloodstalker Date: Mon, 13 Mar 2017 14:17:53 +0330 Subject: trying to fix the tainted string issue --- daemon/daemon_aux.c | 43 ++++++++++++++++++++++++++++++++++++++++--- daemon/daemon_aux.h | 6 ++++++ daemon/mutatorserver.c | 13 +++++++++++-- 3 files changed, 57 insertions(+), 5 deletions(-) (limited to 'daemon') diff --git a/daemon/daemon_aux.c b/daemon/daemon_aux.c index 4f93aec..ce47f37 100644 --- a/daemon/daemon_aux.c +++ b/daemon/daemon_aux.c @@ -33,6 +33,33 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.* #include #include /**********************************************************************************************************************/ +bool cleanser(char cleansee[]) +{ + bool nullterminated = false; + bool cleansee_health = true; + + for (int i = 0; i < 2000; ++i) + { + if (cleansee[i] == '\0') + { + nullterminated = true; + break; + } + + if (cleansee[i] == '|') + { + cleansee_health = false; + } + + if (cleansee[i] == ';') + { + cleansee_health = false; + } + } + + return (cleansee_health && nullterminated); +} +/**********************************************************************************************************************/ int mutator_server(FILE* log_file) { int socket_desc, client_sock, socketlength, read_size; @@ -42,6 +69,7 @@ int mutator_server(FILE* log_file) FILE* clientistream; char runresponse[4000]; char NOOUT[]="command did not return any output. could be an error or not.\n"; + char BADOUT[]="what are you exactly trying to do?"; /*create socket*/ socket_desc = socket(AF_INET, SOCK_STREAM, 0); 
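Review bot: The new `cleanser()` is a denylist of two characters, `|` and `;`, while the string it approves is handed to `popen()`, which runs it through the shell; every other piece of shell syntax (command substitution, `&`, redirection, embedded newlines) still passes the check. An allowlist of the characters the expected commands actually need is the safer shape for this filter, and running a fixed set of programs with an explicit argv instead of `popen()` would take the shell out of the path altogether. The scan also trusts a hard-coded 2000-byte bound; the size of `client_message` is not visible in this diff, so the function should take the buffer length from the caller rather than assume it. The sketch below changes the signature, so the prototype in daemon_aux.h and both call sites would change with it, and the allowed character set is a placeholder to adjust to the real command vocabulary.

```c
bool cleanser(const char *cleansee, size_t len)
{
  for (size_t i = 0; i < len; ++i)
  {
    unsigned char c = (unsigned char)cleansee[i];

    if (c == '\0')
    {
      return true;
    }

    /* allowlist: reject anything outside the set the expected commands need */
    if (!isalnum(c) && strchr(" ._/-=", c) == NULL)
    {
      return false;
    }
  }

  /* no terminator inside the caller's buffer */
  return false;
}
```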
@@ -90,10 +118,19 @@ int mutator_server(FILE* log_file) { fflush(stdin); - fprintf(log_file, "%s","got command from client.\n"); + fprintf(log_file, "%s", "got command from client.\n"); - /*open pipe, run command*/ - clientistream = popen(client_message, "r"); + if (cleanser(client_message) == true) + { + /*open pipe, run command*/ + clientistream = popen(client_message, "r"); + } + else + { + fprintf(log_file, "%s", "what are you trying to do exactly?"); + write(client_sock, BADOUT, strlen(BADOUT)); + continue; + } if (clientistream == NULL) { diff --git a/daemon/daemon_aux.h b/daemon/daemon_aux.h index 04a504d..e0b1954 100644 --- a/daemon/daemon_aux.h +++ b/daemon/daemon_aux.h @@ -24,7 +24,13 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.* /*headers*/ #include /**********************************************************************************************************************/ +typedef int bool; +#define true 1 +#define false 0 +/**********************************************************************************************************************/ /*function prototypes*/ +bool cleanser(char cleansee[]); + int mutator_server(FILE* log_file); #endif diff --git a/daemon/mutatorserver.c b/daemon/mutatorserver.c index 5965a69..4450583 100644 --- a/daemon/mutatorserver.c +++ b/daemon/mutatorserver.c @@ -26,6 +26,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.* /**********************************************************************************************************************/ /*inclusion directive*/ #include "mutatorserver.h" +#include "daemon_aux.h" /*standard headers*/ #include #include 
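Review bot: The rejection branch in `mutator_server` logs a fixed string with no trailing newline and nothing that identifies the event, so the next log entry runs onto the same line and a rejected command cannot be tied to a client or a cause afterwards. Something like `fprintf(log_file, "rejected client command: disallowed character or missing terminator\n");` followed by `fflush(log_file);` would serve an investigator better; if the received text is logged as well, it should be escaped first so a client cannot forge log lines. The return value of `write(client_sock, BADOUT, strlen(BADOUT))` is also ignored, so a failed or short write to the client goes unnoticed. `mutator_server`'s body starts and ends outside this hunk.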
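Review bot: Defining `bool`, `true` and `false` by hand in daemon_aux.h will clash with `<stdbool.h>` as soon as one translation unit pulls in both, because there `bool` is a macro for `_Bool` and `typedef int bool;` then fails to compile. The code already relies on C99 (`for (int i = 0; ...)` in daemon_aux.c), so the three added lines can be replaced by `#include <stdbool.h>`. An `int`-based `bool` also does not normalise values to 0/1 the way `_Bool` does, which matters for comparisons such as `cleanser(client_message) == true`.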
@@ -91,8 +92,16 @@ int main (int argc, char *argv[]) puts("got command from client."); - /*open pipe, run command*/ - clientistream = popen(client_message, "r"); + if (cleanser(client_message)) + { + /*open pipe, run command*/ + clientistream = popen(client_message, "r"); + } + else + { + puts("what are you trying to do exactly?"); + continue; + } if (clientistream == NULL) { -- cgit v1.2.3
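Review bot: When `cleanser()` rejects the message, the `else` branch here only calls `puts()` and `continue`s, so the client gets no reply, whereas the same branch in daemon/daemon_aux.c writes `BADOUT` back to the socket. If the client waits for a response after each command it will likely block here; sending the same rejection text before `continue` would keep the two servers consistent (the socket variable is not visible in this hunk, so its name has to come from the surrounding code). The gate is now duplicated in two files, so a shared helper that validates and replies would keep them from drifting apart. `main`'s body starts and ends outside the hunk.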