-rw-r--r--src/perl/perl-common.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/perl/perl-common.c b/src/perl/perl-common.c
index 02ae28dd..03dcc01e 100644
--- a/src/perl/perl-common.c
+++ b/src/perl/perl-common.c
@@ -526,6 +526,16 @@ static void perl_script_fill_hash(HV *hv, PERL_SCRIPT_REC *script)
hv_store(hv, "data", 4, new_pv(script->data), 0);
}
+static void remove_newlines(char *str)
+{
+ char *writing = str;
+
+ for (;*str;str++)
+ if (*str != '\n' && *str != '\r')
+ *(writing++) = *str;
+ *writing = '\0';
+}
+
void perl_command(const char *cmd, SERVER_REC *server, WI_ITEM_REC *item)
{
const char *cmdchars;
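Review bot: remove_newlines has no header comment, and since it compacts its argument in place the contract is worth stating; I would add above it `/* Strip every '\r' and '\n' from str in place. The result is always NUL-terminated; the bytes past the new terminator are left as they were. */`. As a point of style the loop body should be braced and spaced like the rest of the file, `for (; *str; str++) {` with the if inside, so that a later second statement cannot silently fall outside the loop. The function itself is complete in this hunk; perl_command, whose first lines appear at the end of the hunk, continues outside it.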
@@ -540,6 +550,14 @@ void perl_command(const char *cmd, SERVER_REC *server, WI_ITEM_REC *item)
sendcmd = g_strdup_printf("%c%s", *cmdchars, cmd);
}
+ /* remove \r and \n from commands,
+ to make it harder to introduce a security bug in a script */
+ if(strpbrk(sendcmd, "\r\n")) {
+ if (sendcmd == cmd)
+ sendcmd = strdup(cmd);
+ remove_newlines(sendcmd);
+ }
+
signal_emit("send command", 3, sendcmd, server, item);
if (sendcmd != cmd) g_free(sendcmd);
}
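Review bot: The copy made on the `sendcmd == cmd` path uses `strdup(cmd)` while the other branch of this function allocates with `g_strdup_printf` and the release at the end is `g_free(sendcmd)`; mixing the libc allocator with GLib's release call is at least inconsistent and, on a build where g_free does not map to free, a mismatched-allocator bug. Change the line to `sendcmd = g_strdup(cmd);`, which also removes the unchecked NULL return of strdup that remove_newlines would otherwise dereference. The CR/LF stripping itself is the right defensive measure, since a line break inside a command would let a script-supplied string be sent as a separate IRC protocol line. The beginning of perl_command, including the declaration of sendcmd, lies outside this hunk.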