commit 9578aed0a51f5c77fd20fd40cead126c7cdd5030 Author: William Cohen Date: Thu Jun 2 10:24:26 2011 -0400 Do additional checks on user supplied arguments Avoid blindly setting variable to user-supplied values. Check to the values to make sure they do not contain odd punctuation. Signed-off-by: William Cohen diff --git a/utils/opcontrol b/utils/opcontrol index 8f584ad..92baa0d 100644 --- a/utils/opcontrol +++ b/utils/opcontrol @@ -78,7 +78,8 @@ guess_number_base() # check value is a valid number error_if_not_number() { - guess_number_base $2 + error_if_empty "$1" "$2" + guess_number_base "$2" if test "$?" -eq 0 ; then echo "Argument for $1, $2, is not a valid number." >&2 exit 1 @@ -86,13 +87,33 @@ error_if_not_number() } # check value is a base filename -error_if_not_basename() +error_if_not_valid_savename() { + error_if_empty "$1" "$2" bname=`basename "$2"` if test "$2" != "$bname"; then - echo "Argument for $1, $2, is not a base filename." >&2 + echo "Argument for $1, $2, cannot change directory." >&2 exit 1 fi + case "$2" in + # The following catches anything that is not + # 0-9, a-z, A-Z, an '-', ':', ',', '.', or '/' + *[!-[:alnum:]_:,./]*) + echo "Argument for $1, $2, not allow to have special characters" >&2 + exit 1;; + esac +} + +error_if_invalid_arg() +{ + error_if_empty "$1" "$2" + case "$2" in + # The following catches anything that is not + # 0-9, a-z, A-Z, an '-', ':', ',', '.', or '/' + *[!-[:alnum:]_:,./]*) + echo "Argument for $1, $2, is not valid argument." >&2 + exit 1;; + esac } # rm_device arguments $1=file_name @@ -814,8 +835,7 @@ do_options() ;; --save) - error_if_empty $arg $val - error_if_not_basename $arg $val + error_if_not_valid_savename "$arg" "$val" DUMP=yes SAVE_SESSION=yes SAVE_NAME=$val @@ -840,8 +860,7 @@ do_options() # already processed ;; --buffer-size) - error_if_empty $arg $val - error_if_not_number $arg $val + error_if_not_number "$arg" "$val" BUF_SIZE=$val DO_SETUP=yes ;; @@ -850,8 +869,7 @@ do_options() echo "$arg unsupported for this kernel version" exit 1 fi - error_if_empty $arg $val - error_if_not_number $arg $val + error_if_not_number "$arg" "$val" BUF_WATERSHED=$val DO_SETUP=yes ;; @@ -860,13 +878,12 @@ do_options() echo "$arg unsupported for this kernel version" exit 1 fi - error_if_empty $arg $val - error_if_not_number $arg $val + error_if_not_number "$arg" "$val" CPU_BUF_SIZE=$val DO_SETUP=yes ;; -e|--event) - error_if_empty $arg $val + error_if_invalid_arg "$arg" "$val" # reset any read-in defaults from daemonrc if test "$SEEN_EVENT" = "0"; then NR_CHOSEN=0 @@ -887,17 +904,16 @@ do_options() DO_SETUP=yes ;; -c|--callgraph) - error_if_empty $arg $val if test ! -f $MOUNT/backtrace_depth; then echo "Call-graph profiling unsupported on this kernel/hardware" >&2 exit 1 fi - error_if_not_number $arg $val + error_if_not_number "$arg" "$val" CALLGRAPH=$val DO_SETUP=yes ;; --vmlinux) - error_if_empty $arg $val + error_if_invalid_arg "$arg" "$val" VMLINUX=$val DO_SETUP=yes ;; @@ -906,32 +922,32 @@ do_options() DO_SETUP=yes ;; --kernel-range) - error_if_empty $arg $val + error_if_invalid_arg "$arg" "$val" KERNEL_RANGE=$val DO_SETUP=yes ;; --xen) - error_if_empty $arg $val + error_if_invalid_arg "$arg" "$val" XENIMAGE=$val DO_SETUP=yes ;; --active-domains) - error_if_empty $arg $val + error_if_invalid_arg $arg $val ACTIVE_DOMAINS=$val DO_SETUP=yes ;; --note-table-size) - error_if_empty $arg $val if test "$KERNEL_SUPPORT" = "yes"; then echo "\"$arg\" meaningless on this kernel" >&2 exit 1 else + error_if_not_number "$arg" "$val" NOTE_SIZE=$val fi DO_SETUP=yes ;; -i|--image) - error_if_empty $arg $val + error_if_invalid_arg "$arg" "$val" if test "$val" = "all"; then IMAGE_FILTER= else @@ -944,6 +960,7 @@ do_options() if test -z "$val"; then VERBOSE="all" else + error_if_invalid_arg "$arg" "$val" VERBOSE=$val fi ;; @@ -1898,7 +1915,7 @@ check_options_early() exit 0 ;; --session-dir) - error_if_empty $arg $val + error_if_invalid_arg "$arg" "$val" SESSION_DIR="$val" DO_SETUP=yes # do not exit early