diff -Nur e-smith-lib-2.4.0/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm e-smith-lib-2.4.0-untaint_nic_names/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm --- e-smith-lib-2.4.0/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm 2013-03-04 11:33:43.173652411 +0100 +++ e-smith-lib-2.4.0-untaint_nic_names/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm 2013-03-05 19:03:04.929704906 +0100 @@ -44,6 +44,9 @@ my $adapters = ''; my $index = 1; foreach my $nic (@nics){ + # Untaint $nic and makes sure the name looks OK + next unless ($nic =~ m/^(\w+[\.:]?\d+)$/); + $nic = $1; next if ( # skip loopback $nic eq 'lo' || @@ -67,6 +70,9 @@ open HW, "/sys/class/net/$nic/address"; my $mac = join("", ); close HW; + # Check MAC Addr and untaint it + next unless ($mac =~ m/^(([\da-f]{2}:){5}[\da-f]{2})$/i); + $mac = $1; # If the device is a slave of a bridge, it's real MAC # address can be found in /proc/net/bonding/bondX if (-l "/sys/class/net/$nic/master"){ @@ -82,14 +88,21 @@ } chomp($mac); my $driver = basename (readlink "/sys/class/net/$nic/device/driver"); + # Untaint driver name + next unless ($driver =~ m/^([\w\-]+)$/); + $driver = $1; my $bus = basename (readlink "/sys/class/net/$nic/device/subsystem"); my $desc = $nic; if ($bus eq 'pci'){ my $dev = basename (readlink "/sys/class/net/$nic/device"); - $desc = `/sbin/lspci -s $dev`; - # Extract only description - $desc =~ m/^.*:.*:\s+(.*)\s*/; - $desc = $1; + # Untaint $dev + if ($dev =~ m/^(\d+:\d+:\d+\.\d+)$/){ + $dev = $1; + $desc = `/sbin/lspci -s $dev`; + # Extract only description + $desc =~ m/^.*:.*:\s+(.*)\s*/; + $desc = $1; + } } elsif ($bus eq 'virtio'){ $desc = 'Virtio Network Device';