Open Source and information security mailing list archives
 
From: eguaj at free.fr (Jérôme Augé)
Subject: Gaim festival plugin exploit

On Wed, Oct 15, 2003 at 05:29:55PM +0200, error wrote:
> 
> So a fixed version would look like this:
> 
> AIM::register("Festival TTS", "0.0.1", "goodbye", "");
> AIM::print("Perl Says", "Loaded Festival TTS");
> AIM::command("idle", "60000") if ($pro ne "Offline");
> AIM::add_event_handler("event_im_recv", "synthesize");
> 
> sub goodbye {
> 	AIM::print("Module Unloaded", "Unloaded Festival TTS");
> }
> 
> sub synthesize {
>     my $string = $_[0];
>     $string =~ s/\<.*?\>//g;
>     $string =~ s/\".*\"//;
>     $string =~ s/[^\w]//g;
>     system("echo \"$string\" | /usr/bin/festival --tts");
> }
> 

Removing all the non-word characters is of course effective, but it's a
little bit "restrictive", no?

A less "restrictive" but still "secure" way might be to not use the
system() function at all:
  
  open(FESTIVAL, "|-", "/usr/bin/festival --tts");
  print FESTIVAL "$string\n";
  close FESTIVAL;

That way you keep your original message intact with the punctuation
characters, and you are immune to shell code injection... and ban this
system() call with only one argument :)

Regards,
Jérôme

-- 
"Res publica non dominetur"
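
The pipe-open approach suggested in the message above, as an added example that is not part of the original post or of the plugin. It uses the list form of open() so that neither the message nor the arguments pass through a shell, and checks that punctuation reaches the child unchanged. The helper names speak and clean_im, the sample IM and the perl one-liner standing in for festival are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Feed $text to a command on its stdin. The list form of open() execs
# @cmd directly, so no shell ever parses the message or the arguments.
sub speak {
    my ($text, @cmd) = @_;
    local $SIG{PIPE} = 'IGNORE';    # a child that exits early must not kill us
    open(my $tts, '|-', @cmd)
        or die "cannot run $cmd[0]: $!\n";
    print {$tts} $text, "\n";
    close($tts)
        or die "$cmd[0] failed: " . ($! ? $! : "exit status " . ($? >> 8)) . "\n";
    return 1;
}

# Same tag stripping as the plugin; punctuation is left alone.
sub clean_im {
    my ($im) = @_;
    $im =~ s/<.*?>//g;
    return $im;
}

# Constructed sample IM containing characters a shell would interpret.
my $im = q{<b>Hi</b> "bob"; it's `5 o'clock` & $HOME > here | there};

# Stand-in for the speech command (assumption, so this runs without
# festival installed): a perl one-liner that copies stdin to a file.
my ($fh, $out) = tempfile(UNLINK => 1);
close $fh;
my @cmd = ($^X, '-e',
    'open(my $o, ">", $ARGV[0]) or die; print {$o} <STDIN>', $out);

speak(clean_im($im), @cmd);

# Read back what the child received and compare it byte for byte.
open(my $in, '<', $out) or die "read $out: $!\n";
my $got = do { local $/; <$in> };
close $in;

die "MISMATCH: $got" unless $got eq clean_im($im) . "\n";
print "child received: $got";

# With festival installed: speak(clean_im($im), '/usr/bin/festival', '--tts');
```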

