1 files changed, 46 insertions, 0 deletions

diff --git a/dev-util/oprofile/files/oprofile-0.9.6-Avoid-blindly-source-SETUP_FILE-with.patch b/dev-util/oprofile/files/oprofile-0.9.6-Avoid-blindly-source-SETUP_FILE-with.patch
new file mode 100644
index 000000000000..1892cc3e007a
--- /dev/null
+++ b/dev-util/oprofile/files/oprofile-0.9.6-Avoid-blindly-source-SETUP_FILE-with.patch
@@ -0,0 +1,46 @@
+commit f427df4ed4b2ec540d496abc4afa984b2dd677b4
+Author: William Cohen <wcohen@redhat.com>
+Date:   Thu Jun 2 09:44:38 2011 -0400
+
+    Avoid blindly source $SETUP_FILE with '.' (PR3303383)
+    
+    There could be arbitrary commands in the $SETUP_FILE. The '.' command
+    would blindly execute them. This change limits do_load_setup to only
+    assigning values to variables.
+
+diff --git a/utils/opcontrol b/utils/opcontrol
+index cdff19f..b981427 100644
+--- a/utils/opcontrol
++++ b/utils/opcontrol
+@@ -496,12 +496,25 @@ do_load_setup()
+ 		     || mv "$SEC_SETUP_FILE" "$SETUP_FILE"
+ 	fi
+ 
+-	if test -f "$SETUP_FILE"; then
+-		# load the actual information from file
+-		# FIXME this is insecure, arbitrary commands could be added to
+-		# $SETUP_FILE and be executed as root
+-		. $SETUP_FILE
+-	fi
++	if test ! -f "$SETUP_FILE"; then return; fi
++
++	while IFS== read -r arg val; do
++		case "$arg" in
++			# The following catches anything that is not
++			# 0-9, a-z, A-Z, or an '_'
++			*[![:alnum:]_]*)
++				echo "Invalid variable \"$arg\" in $SETUP_FILE."
++				exit 1;;
++		esac
++		case "$val" in
++			# The following catches anything that is not
++			# 0-9, a-z, A-Z, an '-', ':', ',', '.', or '/'
++			*[!-[:alnum:]_:,./]*) 
++				echo "Invalid value \"$val\" for $arg in $SETUP_FILE."
++				exit 1;;
++		esac
++		eval "${arg}=${val}"
++	done < $SETUP_FILE
+ }
+ 
+