From: paul Date: Wed, 28 Mar 2012 01:59:27 +0000 (+0000) Subject: fixed shellcode injection vulnerability in post data parser X-Git-Url: https://git.plutz.net/?a=commitdiff_plain;h=ce89f2c769bddf901043a998ab13571f1216b8a6;p=busy fixed shellcode injection vulnerability in post data parser svn path=/trunk/; revision=39 --- diff --git a/write/projectmeta.cgi b/write/projectmeta.cgi index 7f95dfd..215fe45 100755 --- a/write/projectmeta.cgi +++ b/write/projectmeta.cgi @@ -26,9 +26,9 @@ $ACL_ADMIN || exit 0 if [ -n "${CONTENT_LENGTH}" -a "${CONTENT_LENGTH}" -gt 0 ]; then (head -c "${CONTENT_LENGTH}"; echo)|sed 's/&/\n/g' \ |sed -rn '/^((appName|appSlogan|svnRepo|gitRepo|flattrThingURL|paypalAddress|btcAddress)=.*|repoType=(svn|git)|(useFlattr|usePaypal|useBitcoin)=yes)$/{ - s:\+: :g;s:%:\\x:g;s:^([a-zA-Z0-9_+-]+)=(.*)$:\1='"'\2'"':;p}' \ + s:\+: :g;s:%:\\x:g;p}' \ |while line="$(line)"; do - eval "$(echo -e "$line" |tr -d '\n\r')" + eval "$(echo -e "$line" |sed -r 's:[\n\r'\'']::g;s:^([a-zA-Z0-9_+-]+)=(.*)$:\1='"'\2'"':;')" done fi