public inbox for cluster-cvs@sourceware.org
help / color / mirror / Atom feed
* cluster: master - fence: fix IPMI parameters containing special characters
@ 2008-11-20 11:55 Jan Friesse
0 siblings, 0 replies; only message in thread
From: Jan Friesse @ 2008-11-20 11:55 UTC (permalink / raw)
To: cluster-cvs-relay
Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=e7d0baf569d0cac30ca8223a7b277f32fad4314c
Commit: e7d0baf569d0cac30ca8223a7b277f32fad4314c
Parent: ec4cacca05f639144d5606efcbc39d65f37bb108
Author: Jan Friesse <jfriesse@redhat.com>
AuthorDate: Thu Nov 20 12:51:20 2008 +0100
Committer: Jan Friesse <jfriesse@redhat.com>
CommitterDate: Thu Nov 20 12:51:20 2008 +0100
fence: fix IPMI parameters containing special characters
IPMI fence agent works by spawn a /bin/sh and ipmitool.
If host name/password or any other command line argument
included special shell characters (like $, ", ', ...) shell
will try to substitute. This is not allowed behaviour and
this patch fix it.
Should fix BZ #447964
---
fence/agents/ipmilan/ipmilan.c | 51 +++++++++++++++++++++++++++++++++++----
1 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/fence/agents/ipmilan/ipmilan.c b/fence/agents/ipmilan/ipmilan.c
index 5e6c8a9..fc422bc 100644
--- a/fence/agents/ipmilan/ipmilan.c
+++ b/fence/agents/ipmilan/ipmilan.c
@@ -138,34 +138,73 @@ ipmitool_path(void)
}
+/** Prepare string for use in sh style environment. This function take source
+ string and prepend/append quote (') to start/end of source string to dest
+ string. Any occurence of quote in source string is replaced by '\'' sequence.
+ Dest string must be preallocated.
+
+ @param dest Destination string
+ @param source Source string
+ @param max_len Maximum length of data written to dest string (including end 0)
+ @return Pointer to start of destination string.
+*/
+char *str_prepare_for_sh(char *dest,char *source,int max_len) {
+ char *dest_p=dest;
+ char *max_dest=dest+max_len;
+
+ if (dest_p+1>=max_dest) {*dest_p=0;return dest;}
+ *dest_p++='\'';
+
+ while (*source) {
+ if (*source=='\'') {
+ if (dest_p+4>=max_dest) {*dest_p=0;return dest;}
+
+ memcpy(dest_p,"'\\''",4);dest_p+=4;
+ } else {
+ if (dest_p+1>=max_dest) {*dest_p=0;return dest;}
+
+ *dest_p++=*source;
+ }
+ source++;
+ }
+
+ if (dest_p+2>=max_dest) {*dest_p=0;return dest;}
+
+ *dest_p++='\'';*dest_p=0;
+
+ return dest;
+}
+
static int
build_cmd(char *command, size_t cmdlen, struct ipmi *ipmi, int op)
{
char cmd[2048];
char arg[2048];
+ char tmp[2048];
int x;
/* Store path */
if (ipmi->i_lanplus) {
- snprintf(cmd, sizeof(cmd), "%s -I lanplus -H %s",
- ipmi->i_ipmitool, ipmi->i_host);
+ snprintf(cmd, sizeof(cmd), "%s -I lanplus -H %s",
+ ipmi->i_ipmitool,
+ str_prepare_for_sh(tmp,ipmi->i_host,sizeof(tmp)));
} else {
snprintf(cmd, sizeof(cmd), "%s -I lan -H %s", ipmi->i_ipmitool,
- ipmi->i_host);
+ str_prepare_for_sh(tmp,ipmi->i_host,sizeof(tmp)));
}
if (ipmi->i_user) {
- snprintf(arg, sizeof(arg), " -U %s", ipmi->i_user);
+ snprintf(arg, sizeof(arg), " -U %s", str_prepare_for_sh(tmp,ipmi->i_user,sizeof(tmp)));
strncat(cmd, arg, sizeof(cmd) - strlen(arg));
}
if (ipmi->i_authtype) {
- snprintf(arg, sizeof(arg), " -A %s", ipmi->i_authtype);
+ snprintf(arg, sizeof(arg), " -A %s", str_prepare_for_sh(tmp,ipmi->i_authtype,sizeof(tmp)));
strncat(cmd, arg, sizeof(cmd) - strlen(arg));
}
if (ipmi->i_password) {
- snprintf(arg, sizeof(arg), " -P %s", ipmi->i_password);
+ snprintf(arg, sizeof(arg), " -P %s", str_prepare_for_sh(tmp,ipmi->i_password,sizeof(tmp)));
strncat(cmd, arg, sizeof(cmd) - strlen(arg));
} else {
snprintf(arg, sizeof(arg), " -P ''");
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-11-20 11:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-11-20 11:55 cluster: master - fence: fix IPMI parameters containing special characters Jan Friesse
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).