author | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-09-13 20:33:03 +0000 |
---|---|---|
committer | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-09-13 20:33:03 +0000 |
commit | 36a6e7f22e5510d12bd8e11a5b25f29360fbd75c (patch) | |
tree | 47c1275d272c9ed2dd6e548447651379b9978c6b | |
parent | 4d1e32528fcf9a44011184a99cff7493e363b400 (diff) |
Prevent <include:executable> from running <include:executable> itself [jackmcbarn]
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11710 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r-- | include/configreader.h | 8 | ||||
-rw-r--r-- | src/configreader.cpp | 26 |
2 files changed, 20 insertions, 14 deletions
diff --git a/include/configreader.h b/include/configreader.h
index c8cd13081..45384b8a3 100644
--- a/include/configreader.h
+++ b/include/configreader.h
@@ -140,7 +140,7 @@ class CoreExport ServerConfig : public classbase
 * configutation, appending errors to errorstream
 * and setting error if an error has occured. */
- bool ParseLine(const std::string &filename, std::string &line, long &linenumber);
+ bool ParseLine(const std::string &filename, std::string &line, long &linenumber, bool allowexeinc);
 /** Check that there is only one of each configuration item */
@@ -156,7 +156,7 @@ class CoreExport ServerConfig : public classbase
 /** Process an include file directive */
- bool DoInclude(const std::string &file);
+ bool DoInclude(const std::string &file, bool allowexeinc);
 /** Error stream, contains error output from any failed configuration parsing. */
@@ -618,12 +618,12 @@ class CoreExport ServerConfig : public classbase
 /** Load 'filename' into 'target', with the new config parser everything is parsed into
 * tag/key/value at load-time rather than at read-value time. */
- bool LoadConf(FILE* &conf, const char* filename);
+ bool LoadConf(FILE* &conf, const char* filename, bool allowexeinc);
 /** Load 'filename' into 'target', with the new config parser everything is parsed into
 * tag/key/value at load-time rather than at read-value time. */
- bool LoadConf(FILE* &conf, const std::string &filename);
+ bool LoadConf(FILE* &conf, const std::string &filename, bool allowexeinc);
 /** Writes 'length' chars into 'result' as a string */
diff --git a/src/configreader.cpp b/src/configreader.cpp
index 8d705f0ca..fdb558789 100644
--- a/src/configreader.cpp
+++ b/src/configreader.cpp
@@ -905,7 +905,7 @@ void ServerConfig::Read()
 {
 /* Load and parse the config file, if there are any errors then explode */
- if (!this->DoInclude(ServerInstance->ConfigFileName))
+ if (!this->DoInclude(ServerInstance->ConfigFileName, true))
 {
 valid = false;
 return;
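Review bot: The new `allowexeinc` parameter is not described in the doc comments above `ParseLine`, `DoInclude` or either `LoadConf` overload in configreader.h (the hunks at 140, 156 and 618), so the header does not tell a later caller that passing `true` lets the parsed text run commands through `<include:executable>`. Each comment should gain one line such as `* allowexeinc is false when the text being parsed came from an <include:executable> command; nested <include:executable> tags are then rejected`. As a point of style, a small two-value enum instead of the bare bool would make call sites like `DoInclude(ServerInstance->ConfigFileName, true)` in Read() self-describing and harder to get backwards.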
@@ -1275,7 +1275,7 @@ void ServerConfig::ApplyModules(User* user)
 ServerInstance->SNO->WriteToSnoMask('a', "*** Successfully rehashed server.");
 }
-bool ServerConfig::LoadConf(FILE* &conf, const char* filename)
+bool ServerConfig::LoadConf(FILE* &conf, const char* filename, bool allowexeinc)
 {
 std::string line;
 char ch;
@@ -1459,7 +1459,7 @@ bool ServerConfig::LoadConf(FILE* &conf, const char* filename)
 * LoadConf() and load the included config into the same ConfigDataHash */
 long bl = linenumber;
- if (!this->ParseLine(filename, line, linenumber))
+ if (!this->ParseLine(filename, line, linenumber, allowexeinc))
 return false;
 last_successful_parse = linenumber;
@@ -1487,12 +1487,12 @@ bool ServerConfig::LoadConf(FILE* &conf, const char* filename)
 }
-bool ServerConfig::LoadConf(FILE* &conf, const std::string &filename)
+bool ServerConfig::LoadConf(FILE* &conf, const std::string &filename, bool allowexeinc)
 {
- return this->LoadConf(conf, filename.c_str());
+ return this->LoadConf(conf, filename.c_str(), allowexeinc);
 }
-bool ServerConfig::ParseLine(const std::string &filename, std::string &line, long &linenumber)
+bool ServerConfig::ParseLine(const std::string &filename, std::string &line, long &linenumber, bool allowexeinc)
 {
 std::string tagname;
 std::string current_key;
@@ -1610,11 +1610,17 @@ bool ServerConfig::ParseLine(const std::string &filename, std::string &line, lon
 if ((tagname == "include") && (current_key == "file"))
 {
- if (!this->DoInclude(current_value))
+ if (!this->DoInclude(current_value, allowexeinc))
 return false;
 }
 else if ((tagname == "include") && (current_key == "executable"))
 {
+ if (!allowexeinc)
+ {
+ errstr << "Configuration added by <include:executable> is not allowed to have its own <include:executable> tags for security reasons." << std::endl;
+ return false;
+ }
+ /* Pipe an executable and use its stdout as config data */
 if (!this->DoPipe(current_value))
 return false;
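Review bot: The rejection added in the `(tagname == "include") && (current_key == "executable")` branch of ParseLine does not say where the nested tag came from, although `filename` and `linenumber` are parameters of the function, so an operator reading the error cannot tell which included command produced it. Appending them to the existing message, e.g. `errstr << "... for security reasons (" << filename << ":" << linenumber << ")" << std::endl;`, would make the refusal traceable. The guard covers only the `executable` key: the `file` branch still calls `DoInclude(current_value, allowexeinc)`, so as far as these hunks show, command output can pull in further files and is otherwise parsed like local config. A comment beside the check, such as `/* Only nested <include:executable> is refused; every other tag from command output is still trusted */`, would keep that boundary visible. ParseLine's body starts and ends outside this hunk.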
@@ -1649,7 +1655,7 @@ bool ServerConfig::DoPipe(const std::string &file)
 if (conf)
 {
- ret = LoadConf(conf, file.c_str());
+ ret = LoadConf(conf, file.c_str(), false);
 pclose(conf);
 }
 else
@@ -1663,7 +1669,7 @@ bool ServerConfig::StartsWithWindowsDriveLetter(const std::string &path)
 return (path.length() > 2 && isalpha(path[0]) && path[1] == ':');
 }
-bool ServerConfig::DoInclude(const std::string &file)
+bool ServerConfig::DoInclude(const std::string &file, bool allowexeinc)
 {
 std::string confpath;
 std::string newfile;
@@ -1694,7 +1700,7 @@ bool ServerConfig::DoInclude(const std::string &file)
 if (conf)
 {
- ret = LoadConf(conf, newfile);
+ ret = LoadConf(conf, newfile, allowexeinc);
 fclose(conf);
 }
 else
|
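Review bot: The included command's exit status is dropped in the DoPipe hunk, where `pclose(conf);` is called without reading its return value, so output from a command that failed part-way is accepted whenever `LoadConf` returns true. Checking it, e.g. `if (pclose(conf) != 0) ret = false;` together with a message on `errstr`, would make a failed or killed generator fail the load instead of leaving truncated config in place, assuming `ret` is what DoPipe returns. The hard-coded `false` passed to `LoadConf` on the changed line is the enforcement point of this commit and merits a short comment such as `/* config read from a pipe may not spawn further commands */`. DoPipe starts and ends outside the hunk, so how `conf` is opened and how `ret` is used afterwards are not visible here.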