From d9eef6bc92d4798e75e051156c0540869ef203dd Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Tue, 8 Aug 2017 08:40:34 +0200
Subject: [PATCH] s3:script: Untaint user supplied data in modprinter.pl

spoolss_SetPrinter fails because of the error produced by modprinter.pl. Perl error: Insecure dependency in open while running setgid at modprinter.pl line 76.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12950
Signed-off-by: Andreas Schneider
Reviewed-by: Guenther Deschner
(cherry picked from commit f44917743512fa40f2833629dfd781f7c691ce62)
---
 source3/script/tests/printing/modprinter.pl | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/source3/script/tests/printing/modprinter.pl b/source3/script/tests/printing/modprinter.pl
index 9e5e3292c6c..ec1ebcd7ab8 100755
--- a/source3/script/tests/printing/modprinter.pl
+++ b/source3/script/tests/printing/modprinter.pl
@@ -67,7 +67,14 @@ if (!defined($share_name)) {
 die "share name not defined";
 }

-my $tmp = $opt_smb_conf.$$;
+my $smb_conf_file = $opt_smb_conf;
+if ($smb_conf_file =~ /^(.*)$/) {
+ $smb_conf_file = $1; # untaint file name
+} else {
+ die "Invalid file name $smb_conf_file";
+}
+
+my $tmp = $smb_conf_file.$$;

 my $section = undef;
 my $within_section = 0;
@@ -75,7 +82,7 @@ my $found_section = 0;

 open(CONFIGFILE_NEW, "+>$tmp") || die "Unable top open conf file $tmp";

-open (CONFIGFILE, "+<$opt_smb_conf") || die "Unable to open config file $opt_smb_conf";
+open (CONFIGFILE, "+<$smb_conf_file") || die "Unable to open config file $smb_conf_file";
 while () {
 my $line = $_;
 chomp($_);
@@ -123,7 +130,9 @@ close (CONFIGFILE_NEW);
 if ($opt_delete && ($found_section == 0)) {
 die "share $share_name not found";
 }
-system("cp", "$tmp", "$opt_smb_conf");
+
+$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
+system("cp", "$tmp", "$smb_conf_file");
 unlink $tmp;

 exit 0;
-- 
2.14.1
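Review bot: The untaint pattern `/^(.*)$/` in the first hunk (`@@ -67,7 +67,14 @@`) accepts almost any string, so it clears the taint flag on the value of `$opt_smb_conf` without validating it. The `else` branch with `die "Invalid file name ..."` is reached only for a value with a newline inside it. The commit message says the script runs setgid, so the capture should be an allow-list of the characters a configuration path may contain, for example `if ($smb_conf_file =~ m{\A([\w./-]+)\z}) {`. The exact character set is a suggestion; the option parsing that fills `$opt_smb_conf` is outside the hunk, so confirm which paths callers pass before tightening it.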
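Review bot: The rewritten `open (CONFIGFILE, "+<$smb_conf_file")` in the second hunk (`@@ -75,7 +82,7 @@`) still uses two-argument open, so the mode and the file name travel in one string and Perl parses the name part for whitespace and mode syntax. The three-argument form keeps the name literal and also reports the OS error: `open(CONFIGFILE, '+<', $smb_conf_file) || die "Unable to open config file $smb_conf_file: $!";`. The unchanged `open(CONFIGFILE_NEW, "+>$tmp")` context line has the same shape and would benefit from the same form. The `while` loop that reads the handle continues past the end of the hunk.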
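Review bot: The result of `system("cp", ...)` in the third hunk (`@@ -123,7 +130,9 @@`) is ignored, so a failed copy is still followed by `unlink $tmp` and `exit 0`; the caller sees success while the edited configuration is discarded. Check the status, for example `system("cp", $tmp, $smb_conf_file) == 0 or die "cp $tmp $smb_conf_file failed: $?";`. Under taint checks perl also inspects `IFS`, `CDPATH`, `ENV` and `BASH_ENV` before running a child process, so `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` next to the `PATH` assignment follows the perlsec recommendation and avoids the next "Insecure $ENV{...}" failure.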