From a41a93ff060dd04c692f1faa166973f2c5f0878c Mon Sep 17 00:00:00 2001
From: Taniadz
Date: Mon, 18 Sep 2017 11:03:40 +0300
Subject: T387: prevent command injection in VyConf external validator execution
---
 src/value_checker.ml | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
(limited to 'src')
diff --git a/src/value_checker.ml b/src/value_checker.ml
index 3cd7123..1f123c0 100644
--- a/src/value_checker.ml
+++ b/src/value_checker.ml
@@ -17,16 +17,12 @@ let validate_value dir value_constraint value =
 *)
 let validator = F.concat dir v in
 let arg = BatOption.default "" c in
- let danger = "[\",\\$,`]" in
- let allowable = "'.*'" in
- match Pcre.pmatch ~rex:(Pcre.regexp danger) validator with
- |true -> false
- |false ->
- (match Pcre.pmatch ~rex:(Pcre.regexp danger) arg with
- |false -> true
- |true -> (try let _ = Pcre.exec ~pat:allowable arg in true
- with Not_found -> false)
- )
+ let safe_arg = "'" ^ Pcre.qreplace ~pat:"\"" ~templ:"\\\"" arg ^ "'" in
+ let result = Unix.system (Printf.sprintf "%s %s %s" validator safe_arg value) in
+ match result with
+ | Unix.WEXITED 0 -> true
+ | Unix.WEXITED 127 -> raise (Bad_validator (Printf.sprintf "Could not execute validator %s" validator))
+ | _ -> false

 (* If no constraints given, consider it valid.
 Otherwise consider it valid if it satisfies at least
-- cgit v1.2.3
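Review bot: `value` reaches `Unix.system` unquoted in the added `Printf.sprintf "%s %s %s" validator safe_arg value`, so the value being validated is still parsed by the shell, and this commit also removes the earlier metacharacter check on `validator` and `arg`. `safe_arg` has a related gap: it wraps `arg` in single quotes but escapes only `"`, so a `'` inside `arg` ends the quoting, and the inserted backslashes are passed to the validator literally. Quoting every operand with the standard library closes both, e.g. `let cmd = Printf.sprintf "%s %s %s" (F.quote validator) (F.quote arg) (F.quote value) in` followed by `let result = Unix.system cmd in` (assuming `F` is the `Filename` alias that `F.concat` suggests); running the validator through `Unix.create_process` with an argument array would avoid the shell entirely. `validate_value` begins above the hunk, so how `value` and `c` are produced is not visible here.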