diff options
author | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2013-07-25 15:28:54 +0200 |
---|---|---|
committer | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2013-07-26 09:14:41 +0200 |
commit | 2e7db1befc1375f1f097f9736340205fbc350550 (patch) | |
tree | bdf114c97a3b4eb9a87107426d5f9dac06ccc222 /src/system/dlt-system-shell.c | |
parent | 7f18f68cc730024d1053255557cc10c788f8627d (diff) | |
download | DLT-daemon-2e7db1befc1375f1f097f9736340205fbc350550.tar.gz |
Fixed: Security Issue by Command Injection in DLT System.
Signed-off-by: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>
Diffstat (limited to 'src/system/dlt-system-shell.c')
-rw-r--r-- | src/system/dlt-system-shell.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/system/dlt-system-shell.c b/src/system/dlt-system-shell.c index 758f5fc..61b4b50 100644 --- a/src/system/dlt-system-shell.c +++ b/src/system/dlt-system-shell.c @@ -60,17 +60,17 @@ DLT_DECLARE_CONTEXT(shellContext) int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t length) { - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection callback")); char text[1024]; int syserr = 0; strncpy(text,data,length); - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection injection id:"), DLT_UINT32(service_id)); - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection data:"), DLT_STRING(text)); @@ -79,14 +79,20 @@ int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t lengt case 0x1001: if((syserr = system(text)) != 0) { - DLT_LOG(dltsystem,DLT_LOG_ERROR, + DLT_LOG(shellContext,DLT_LOG_ERROR, DLT_STRING("dlt-system-shell, abnormal exit status."), DLT_STRING(text), DLT_INT(syserr)); } + else + { + DLT_LOG(shellContext,DLT_LOG_INFO, + DLT_STRING("Shell command executed:"), + DLT_STRING(text)); + } break; default: - DLT_LOG(dltsystem,DLT_LOG_ERROR, + DLT_LOG(shellContext,DLT_LOG_ERROR, DLT_STRING("dlt-system-shell, unknown command received."), DLT_UINT32(service_id), DLT_STRING(text)); |