From 2e7db1befc1375f1f097f9736340205fbc350550 Mon Sep 17 00:00:00 2001 From: Alexander Wenzel Date: Thu, 25 Jul 2013 15:28:54 +0200 Subject: Fixed: Security Issue by Command Injection in DLT System. Signed-off-by: Alexander Wenzel --- src/system/dlt-system-shell.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'src/system/dlt-system-shell.c') diff --git a/src/system/dlt-system-shell.c b/src/system/dlt-system-shell.c index 758f5fc..61b4b50 100644 --- a/src/system/dlt-system-shell.c +++ b/src/system/dlt-system-shell.c @@ -60,17 +60,17 @@ DLT_DECLARE_CONTEXT(shellContext) int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t length) { - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection callback")); char text[1024]; int syserr = 0; strncpy(text,data,length); - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection injection id:"), DLT_UINT32(service_id)); - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection data:"), DLT_STRING(text)); @@ -79,14 +79,20 @@ int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t lengt case 0x1001: if((syserr = system(text)) != 0) { - DLT_LOG(dltsystem,DLT_LOG_ERROR, + DLT_LOG(shellContext,DLT_LOG_ERROR, DLT_STRING("dlt-system-shell, abnormal exit status."), DLT_STRING(text), DLT_INT(syserr)); } + else + { + DLT_LOG(shellContext,DLT_LOG_INFO, + DLT_STRING("Shell command executed:"), + DLT_STRING(text)); + } break; default: - DLT_LOG(dltsystem,DLT_LOG_ERROR, + DLT_LOG(shellContext,DLT_LOG_ERROR, DLT_STRING("dlt-system-shell, unknown command received."), DLT_UINT32(service_id), DLT_STRING(text)); -- cgit v1.2.1