author | d3v1150m471c <d3v11@d3v1150m471c.ano> | 2011-07-10 08:14:52 -0500 |
---|---|---|
committer | d3v1150m471c <d3v11@d3v1150m471c.ano> | 2011-07-10 08:14:52 -0500 |
commit | 6ccce373cf53d3076e0c52b5f8094eec32d534c5 (patch) | |
tree | 25bd3d672b9bef56028c331789465a42c2b2913d /contrib/peer2anonet | |
parent | 1df315f263b8c451c61d3d5ad88e1ed4c39f254b (diff) | |
peer2anonet:
Sun Jul 10 08:13:17 CDT 2011 - d3v1150m471c
* security checks changed to check acceptable data and exits
showing offending info for violating data detections.
Diffstat (limited to 'contrib/peer2anonet')
-rw-r--r-- | contrib/peer2anonet/README | 6 | ||||
-rw-r--r-- | contrib/peer2anonet/peer2anonet | 71 |
2 files changed, 24 insertions, 53 deletions
diff --git a/contrib/peer2anonet/README b/contrib/peer2anonet/README index 384f9f2..2790296 100644 --- a/contrib/peer2anonet/README +++ b/contrib/peer2anonet/README @@ -103,4 +103,10 @@ CHANGES: Sun Jul 10 07:25:42 CDT 2011 - d3v1150m471c * security checks, whitespace removed after some data + Sun Jul 10 08:13:17 CDT 2011 - d3v1150m471c + * security checks changed to check acceptable data and exits + showing offending info for violating data detections. + + + diff --git a/contrib/peer2anonet/peer2anonet b/contrib/peer2anonet/peer2anonet index 9607204..2696f11 100644 --- a/contrib/peer2anonet/peer2anonet +++ b/contrib/peer2anonet/peer2anonet 
@@ -44,61 +44,26 @@ TEST[0]=$PEERNAME; TEST[1]=$YOURNET; TEST[2]=$YOURROUTE; TEST[3]=$YOURIP TEST[4]=$YOURPORT; TEST[5]=$YOURASN; TEST[6]=$REMOTEIP; TEST[7]=$PEERIP TEST[8]=$PEERPORT; TEST[9]=$PEERASN -SECURE() { - echo "peer2anonet: error: possible malicious code detected" - echo "offending data: $CHECK" - exit 1 - } - - -for CHECK in ${TEST[@]}; do -[[ $CHECK == *'rm'* ]] && SECURE -[[ $CHECK == *'mail'* ]] && SECURE -[[ $CHECK == *'cp'* ]] && SECURE -[[ $CHECK == *'mv'* ]] && SECURE -[[ $CHECK == *'ipconfig'* ]] && SECURE -[[ $CHECK == *'iwconfig'* ]] && SECURE -[[ $CHECK == *'ping'* ]] && SECURE -[[ $CHECK == *'make'* ]] && SECURE -[[ $CHECK == *'install'* ]] && SECURE -[[ $CHECK == *'uninstall'* ]] && SECURE -[[ $CHECK == *'map'* ]] && SECURE -[[ $CHECK == *'su'* ]] && SECURE -[[ $CHECK == *'sudo'* ]] && SECURE -[[ $CHECK == *'$'* ]] && SECURE -[[ $CHECK == *'!'* ]] && SECURE -[[ $CHECK == *'echo'* ]] && SECURE -[[ $CHECK == *'netcat'* ]] && SECURE -[[ $CHECK == *'id '* ]] && SECURE -[[ $CHECK == *'source'* ]] && SECURE -[[ $CHECK == *'alias '* ]] && SECURE -[[ $CHECK == *'passwd'* ]] && SECURE -[[ $CHECK == *'user'* ]] && SECURE -[[ $CHECK == *'bash'* ]] && SECURE -[[ $CHECK == *'ls '* ]] && SECURE -[[ $CHECK == *'ssh'* ]] && SECURE -[[ $CHECK == *'nc '* ]] && SECURE -[[ $CHECK == *'telnet'* ]] && SECURE -[[ $CHECK == *'rdesktop'* ]] && SECURE -[[ $CHECK == *'iptables'* ]] && SECURE -[[ $CHECK == *'}'* ]] && SECURE -[[ $CHECK == *'{'* ]] && SECURE -[[ $CHECK == *'['* ]] && SECURE -[[ $CHECK == *']'* ]] && SECURE -[[ $CHECK == *'('* ]] && SECURE -[[ $CHECK == *')'* ]] && SECURE -[[ $CHECK == *'exec'* ]] && SECURE -[[ $CHECK == *'dash'* ]] && SECURE -[[ $CHECK == *'perl'* ]] && SECURE -[[ $CHECK == *'python'* ]] && SECURE -[[ $CHECK == *'netstat'* ]] && SECURE -[[ $CHECK == *'sockstat'* ]] && SECURE -[[ $CHECK == *'>'* ]] && SECURE -[[ $CHECK == *'<'* ]] && SECURE -[[ $CHECK == *'/'* ]] && SECURE -[[ $CHECK == *'kill'* ]] && SECURE +if [[ $(echo ${TEST[0]} | tr 
-d 'a-zA-Z0-9._-' | wc -c) -gt 1 ]]; then + echo "peer2anonet: fatal error: unacceptable data: ${TEST[0]} +" + exit 1 +fi + +for((X=1;X<=8;X++)); do +if [[ $(echo ${TEST[$X]} | tr -d '0-9.' | wc -c) -gt 1 ]]; then + echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]} +" + exit 1 +fi done +if [[ $(echo ${TEST[9]} | tr -d 'a-zA-Z0-9' | wc -c) -gt 1 ]]; then + echo "peer2anonet: fatal error: unacceptable data: ${TEST[9]} +" + exit 1 +fi + ######################################################################### # We need to check if base files need to be imported to services for bird: NEW_PROTOCOL=" |
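Review bot: The three allow-list checks pass the value to `echo` unquoted (`echo ${TEST[0]}`, `echo ${TEST[$X]}`, `echo ${TEST[9]}`), so `tr`/`wc` inspect the value after word splitting, pathname expansion and `echo` option parsing rather than the value the script goes on to use. A field containing a glob character such as `*` is judged on whatever filenames it expands to in the current directory, a field such as `-n` is consumed as an `echo` option and counted as empty, and an empty field passes as well. Matching the variable directly avoids all three: `if [[ ! ${TEST[0]} =~ ^[a-zA-Z0-9._-]+$ ]]; then`, with `^[0-9.]+$` for indices 1 to 8 and `^[a-zA-Z0-9]+$` for index 9 (the `+` also rejects empty values). Separately, `TEST[5]` (`$YOURASN`) is limited to digits and dots while `TEST[9]` (`$PEERASN`) may contain letters; if that asymmetry is intended it deserves a comment next to the loop.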