[sr-dev] git:4.1: exec: add parameter to control the option for bash exec safety check of CVE-2014-6271

Daniel-Constantin Mierla miconda at gmail.com
Thu Sep 25 17:03:13 CEST 2014


Module: sip-router
Branch: 4.1
Commit: cc40de5865b1758681f97b7d92c1fed533ed7c7f
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=cc40de5865b1758681f97b7d92c1fed533ed7c7f

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Thu Sep 25 16:59:34 2014 +0200

exec: add parameter to control the option for bash exec safety check of CVE-2014-6271

- parameter: bash_safety - default is 1 (enabled), set to 0 to disable
- just in case someone needs that kind of header and knows what
  he/she is doing

(cherry picked from commit 21eb073c25b66b110193f1607b93f256f7d9fdfa)

---

 modules/exec/exec_hf.c  |    6 ++++--
 modules/exec/exec_mod.c |    2 ++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/exec/exec_hf.c b/modules/exec/exec_hf.c
index d336070..4fc248d 100644
--- a/modules/exec/exec_hf.c
+++ b/modules/exec/exec_hf.c
@@ -52,6 +52,8 @@
 #include "../../char_msg_val.h"
 #include "exec_hf.h"
 
+extern int exec_bash_safety;
+
 /* should be environment variables set by header fields ? */
 unsigned int setvars=1;
 
@@ -256,7 +258,7 @@ static int print_hf_var(struct hf_wrapper *w, int offset)
 	memcpy(envvar, w->prefix, w->prefix_len); c=envvar+w->prefix_len;
 	memcpy(c, hname, hlen ); c+=hlen;
 	*c=EV_ASSIGN;c++;
-	if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
+	if (exec_bash_safety && !strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
 		memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 );
 		c+=(w->u.hf->body.len-2);
 	} else {
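Review bot: The prefix test on the added line still matches header bodies shorter than four bytes, because `MIN(w->u.hf->body.len,4)` shrinks the comparison length: an empty body compares equal at length 0, and a body consisting only of `(` matches as well. In that branch `body.len-2` then goes negative and is handed to memcpy as the length, which would convert to a very large size if `len` is a signed int (its type is not visible here). Require the whole prefix before stripping, e.g. `if (exec_bash_safety && w->u.hf->body.len>=4 && !strncmp(w->u.hf->body.s,"() {",4)) {`. The same condition is repeated in the next hunk of print_hf_var, whose body starts and ends outside both hunks.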
@@ -265,7 +267,7 @@ static int print_hf_var(struct hf_wrapper *w, int offset)
 	}
 	for (wi=w->next_same; wi; wi=wi->next_same) {
 		*c=HF_SEPARATOR;c++;
-		if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
+		if (exec_bash_safety && !strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
 			memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 );
 			c+=(w->u.hf->body.len-2);
 		} else {
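Review bot: Inside the `for (wi=w->next_same; wi; wi=wi->next_same)` loop, the safety test and the memcpy under it read `w->u.hf->body`, the first header of the group, rather than `wi->u.hf->body`, the header the iteration is on. As written, whether a repeated header has its `() {` prefix stripped depends on the first header's body, so a later same-name header that starts with `() {` would presumably reach the environment unchanged when the first one is benign (the else branch lies outside the hunk, so confirm what it copies). The check should test the current element, `if (exec_bash_safety && !strncmp(wi->u.hf->body.s,"() {",MIN(wi->u.hf->body.len,4))) {`, with the two lines that follow switched to `wi` as well.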
diff --git a/modules/exec/exec_mod.c b/modules/exec/exec_mod.c
index 86947c0..547fffb 100644
--- a/modules/exec/exec_mod.c
+++ b/modules/exec/exec_mod.c
@@ -44,6 +44,7 @@
 MODULE_VERSION
 
 unsigned int time_to_kill=0;
+int exec_bash_safety=1;
 
 static int mod_init( void );
 
@@ -77,6 +78,7 @@ static cmd_export_t cmds[] = {
 static param_export_t params[] = {
 	{"time_to_kill", INT_PARAM, &time_to_kill},
 	{"setvars",      INT_PARAM, &setvars     },
+	{"bash_safety",  INT_PARAM, &exec_bash_safety     },
 	{0, 0, 0}
 };
 



