e-smith-lib/sme9/e-smith-lib-2.4.0-untaint_nic_names.patch

diff -Nur e-smith-lib-2.4.0/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm e-smith-lib-2.4.0-untaint_nic_names/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm
--- e-smith-lib-2.4.0/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm       2013-03-04 11:33:43.173652411 +0100
+++ e-smith-lib-2.4.0-untaint_nic_names/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm     2013-03-05 19:03:04.929704906 +0100
@@ -44,6 +44,9 @@
     my $adapters = '';
     my $index = 1;
     foreach my $nic (@nics){
+        # Untaint $nic and makes sure the name looks OK
+        next unless ($nic =~ m/^(\w+[\.:]?\d+)$/);
+        $nic = $1;
         next if (
             # skip loopback
             $nic eq 'lo' ||
@@ -67,6 +70,9 @@
         open HW, "/sys/class/net/$nic/address";
         my $mac = join("", <HW>);
         close HW;
+        # Check MAC Addr and untaint it
+        next unless ($mac =~ m/^(([\da-f]{2}:){5}[\da-f]{2})$/i);
+        $mac = $1;
         # If the device is a slave of a bridge, it's real MAC
         # address can be found in /proc/net/bonding/bondX
         if (-l "/sys/class/net/$nic/master"){
@@ -82,14 +88,21 @@
         }
         chomp($mac);
         my $driver = basename (readlink "/sys/class/net/$nic/device/driver");
+        # Untaint driver name
+        next unless ($driver =~ m/^([\w\-]+)$/);
+        $driver = $1;
         my $bus = basename (readlink "/sys/class/net/$nic/device/subsystem");
         my $desc = $nic;
         if ($bus eq 'pci'){
             my $dev = basename (readlink "/sys/class/net/$nic/device");
-            $desc = `/sbin/lspci -s $dev`;
-            # Extract only description 
-            $desc =~ m/^.*:.*:\s+(.*)\s*/;
-            $desc = $1;
+            # Untaint $dev
+            if ($dev =~ m/^(\d+:\d+:\d+\.\d+)$/){
+                $dev = $1;
+                $desc = `/sbin/lspci -s $dev`;
+                # Extract only description 
+                $desc =~ m/^.*:.*:\s+(.*)\s*/;
+                $desc = $1;
+            }
         }
         elsif ($bus eq 'virtio'){
             $desc = 'Virtio Network Device';
1	vip-ire	1.1	diff -Nur e-smith-lib-2.4.0/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm e-smith-lib-2.4.0-untaint_nic_names/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm
2			--- e-smith-lib-2.4.0/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm 2013-03-04 11:33:43.173652411 +0100
3			+++ e-smith-lib-2.4.0-untaint_nic_names/root/usr/share/perl5/vendor_perl/esmith/ethernet.pm 2013-03-05 19:03:04.929704906 +0100
4			@@ -44,6 +44,9 @@
5			my $adapters = '';
6			my $index = 1;
7			foreach my $nic (@nics){
8			+ # Untaint $nic and makes sure the name looks OK
9			+ next unless ($nic =~ m/^(\w+[\.:]?\d+)$/);
10			+ $nic = $1;
11			next if (
12			# skip loopback
13			$nic eq 'lo' \|\|
14			@@ -67,6 +70,9 @@
15			open HW, "/sys/class/net/$nic/address";
16			my $mac = join("", <HW>);
17			close HW;
18			+ # Check MAC Addr and untaint it
19			+ next unless ($mac =~ m/^(([\da-f]{2}:){5}[\da-f]{2})$/i);
20			+ $mac = $1;
21			# If the device is a slave of a bridge, it's real MAC
22			# address can be found in /proc/net/bonding/bondX
23			if (-l "/sys/class/net/$nic/master"){
24			@@ -82,14 +88,21 @@
25			}
26			chomp($mac);
27			my $driver = basename (readlink "/sys/class/net/$nic/device/driver");
28			+ # Untaint driver name
29			+ next unless ($driver =~ m/^([\w\-]+)$/);
30			+ $driver = $1;
31			my $bus = basename (readlink "/sys/class/net/$nic/device/subsystem");
32			my $desc = $nic;
33			if ($bus eq 'pci'){
34			my $dev = basename (readlink "/sys/class/net/$nic/device");
35			- $desc = `/sbin/lspci -s $dev`;
36			- # Extract only description
37			- $desc =~ m/^.:.:\s+(.)\s/;
38			- $desc = $1;
39			+ # Untaint $dev
40			+ if ($dev =~ m/^(\d+:\d+:\d+\.\d+)$/){
41			+ $dev = $1;
42			+ $desc = `/sbin/lspci -s $dev`;
43			+ # Extract only description
44			+ $desc =~ m/^.:.:\s+(.)\s/;
45			+ $desc = $1;
46			+ }
47			}
48			elsif ($bus eq 'virtio'){
49			$desc = 'Virtio Network Device';