[Libguestfs] [PATCH 2/2] launch: Validate $TERM before passing it through to the kernel command line.

Richard W.M. Jones rjones at redhat.com
Sun Dec 18 20:09:29 UTC 2016


Make sure it is reasonable before we pass it through to the kernel
command line.  I don't believe this is exploitable, but it might cause
obscure bugs.
---
 src/launch.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/launch.c b/src/launch.c
index 84d5e82..ee2a23d 100644
--- a/src/launch.c
+++ b/src/launch.c
@@ -39,6 +39,8 @@
 #include <assert.h>
 #include <libintl.h>
 
+#include "c-ctype.h"
+
 #include "guestfs.h"
 #include "guestfs-internal.h"
 #include "guestfs-internal-actions.h"
@@ -284,6 +286,28 @@ guestfs_impl_config (guestfs_h *g,
   return 0;
 }
 
+/**
+ * Check that the $TERM environment variable is reasonable before
+ * we pass it through to the appliance.
+ */
+static int
+valid_term (const char *term)
+{
+  size_t len = strlen (term);
+
+  if (len == 0 || len > 16)
+    return 0;
+
+  while (len > 0) {
+    char c = *term++;
+    len--;
+    if (!c_isalnum (c) && c != '-' && c != '_')
+      return 0;
+  }
+
+  return 1;
+}
+
 #if defined(__powerpc64__)
 #define SERIAL_CONSOLE "console=hvc0 console=ttyS0"
 #elif defined(__arm__) || defined(__aarch64__)
@@ -425,7 +449,7 @@ guestfs_int_appliance_command_line (guestfs_h *g, const char *appliance_dev,
     guestfs_int_add_string (g, &argv, "guestfs_network=1");
 
   /* TERM environment variable. */
-  if (term)
+  if (term && valid_term (term))
     guestfs_int_add_sprintf (g, &argv, "TERM=%s", term);
   else
     guestfs_int_add_string (g, &argv, "TERM=linux");
-- 
2.10.2




More information about the Libguestfs mailing list