Module: sip-router Branch: 4.1 Commit: cc40de5865b1758681f97b7d92c1fed533ed7c7f URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=cc40de5… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Thu Sep 25 16:59:34 2014 +0200 exec: add parameter to control the option for bash exec safety check of CVE-2014-6271 - parameter: bash_safety - default is 1 (enabled), set to 0 to disable - just in case someone needs that kind of header and knows what he/she does (cherry picked from commit 21eb073c25b66b110193f1607b93f256f7d9fdfa) --- modules/exec/exec_hf.c | 6 ++++-- modules/exec/exec_mod.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/exec/exec_hf.c b/modules/exec/exec_hf.c index d336070..4fc248d 100644 --- a/modules/exec/exec_hf.c +++ b/modules/exec/exec_hf.c @@ -52,6 +52,8 @@ #include "../../char_msg_val.h" #include "exec_hf.h" +extern int exec_bash_safety; + /* should be environment variables set by header fields ? */ unsigned int setvars=1; @@ -256,7 +258,7 @@ static int print_hf_var(struct hf_wrapper *w, int offset) memcpy(envvar, w->prefix, w->prefix_len); c=envvar+w->prefix_len; memcpy(c, hname, hlen ); c+=hlen; *c=EV_ASSIGN;c++; - if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) { + if (exec_bash_safety && !strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) { memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 ); c+=(w->u.hf->body.len-2); } else { @@ -265,7 +267,7 @@ static int print_hf_var(struct hf_wrapper *w, int offset) } for (wi=w->next_same; wi; wi=wi->next_same) { *c=HF_SEPARATOR;c++; - if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) { + if (exec_bash_safety && !strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) { memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 ); c+=(w->u.hf->body.len-2); } else { diff --git a/modules/exec/exec_mod.c b/modules/exec/exec_mod.c index 86947c0..547fffb 100644 --- a/modules/exec/exec_mod.c +++ b/modules/exec/exec_mod.c @@ -44,6 +44,7 @@ MODULE_VERSION unsigned int time_to_kill=0; +int exec_bash_safety=1; static int mod_init( void ); @@ -77,6 +78,7 @@ static cmd_export_t cmds[] = { static param_export_t params[] = { {"time_to_kill", INT_PARAM, &time_to_kill}, {"setvars", INT_PARAM, &setvars }, + {"bash_safety", INT_PARAM, &exec_bash_safety }, {0, 0, 0} };