I'm guessing it's a problem with tainted data. You are using $msgtxt
and $dest in a system call without untainting the data first. In other
words, somebody could put "\"; rm -rf /\"" in $dest, and you'd be short
a filesystem (well, the files that your web server has access to, anyway).
What you might have to do (and I'm not sure here) is something like:
if ($msgtxt =~ /^[\w\d]+$/ && $dest =~ /^[\w\d]+$/) {
    system("blah");
}
I'm not sure if that will work, but it's something to try. You could
also turn on the taint checking (-T I think).
Brian Johnson
Partner/Systems Administrator/Programmer
Keweenet, LLC (www.keweenet.com)
Source1Hosting.tv, LLC (www.source1hosting.tv)
E-Mol.com, LLC (www.e-mol.com)
exo2.net (Coming soon)
I may be insane, but remember - The only
difference between an insane man and a
genius is his jacket.
>
> Hello,
> I have a problem with submitting a form to a Perl script:
> What the real problem is: when I try to submit the form through the web I
> get $retval = -1 from the smsgw.pl script, but when I try it
> from the command line:
> perl smsgw.pl dest=233435 msgtxt=hi
> it works without any problem.
> Where am I wrong?
> Thanks,
> Alen
>
> Here is perl script called smsgw.pl
>
> #!/usr/bin/perl -w
> use strict;
> use diagnostics;
> use CGI;
> #-----------------------------------------------------------
> # Name the global variables
> my $dest = "";
> my $msgtxt = "";
> # Create an instance of CGI
> my $query = new CGI;
>
> # Send the MIME header
> print $query->header ("text/html");
> # Grab posted values
> $dest = $query->param ("dest");
> $msgtxt = $query->param ("msgtxt");
>
> # Were both fields filled in?
> if (($dest eq "") || ($msgtxt eq "")) {
> print $query->start_html (-title => "Greska !");
> print "<H1>Greska !</H1>\n";
> print "<P>Svi podaci su obavezni!";
> print $query->end_html;
> exit;
> }
>
> # Check message length
> my $txtlen = length ($msgtxt);
> if ($txtlen > 160) {
> print $query->start_html (-title => "Error !");
> print "<H1>Error !</H1>\n";
> print "<P>Vasa poruka ne moze biti duza od 160 (char)karaktera (now$txtlen). ";
> print "Ovaj 160 char limit je ugraden u SMS protocol i ne moze biti ";
> print "prekoracen ! ";
> print $query->end_html;
> exit;
> }
>
> # Remove newlines from msgtxt (replace them by space)
> $msgtxt =~ s/\n/ /g;
> #===========================================================
> print $query->start_html (-title => "SMS Sending Rezultat");
> print "<H1>SMS Sending Rezultat</H1>\n";
> print "bla bla bla : $msgtxt";
> #-----------------------------------------------------------
> # Submit the sendsms request
> my $retval = 0;
> $retval = system ("echo $msgtxt | /usr/bin/gnokii/gnokii --sendsms $dest");
>
> if ($retval == 0) {
> print "<P>Poruka je uspjesno isporucena!!!</P>\n";
> }
> else {
> print "<P>Poruka nije isporucena ! Pokusajte ponovo.</P>\n";
> print $retval;
> }
>
> # End the HTML
> #-----------------------------------------------------------
> exit;
>
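A hardened version of the sendsms step from the quoted script, added here as an example and not code from either poster: it runs under -T, untaints dest and msgtxt by regex capture (the only way taint mode lets data through), and hands the number to gnokii as a separate argument with the message on stdin, so no shell ever sees the input. The gnokii path and the 160-character limit are the script's own; the accepted phone-number format and message character set are assumptions.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;

# Taint mode refuses to start a child process with an untrusted environment.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/bin:/usr/bin';

# Untainting works by capturing from a regex: only what the allow-list
# matches comes out; anything else yields undef and is rejected outright.
sub untaint_dest {
    my ($raw) = @_;
    return undef unless defined $raw;
    my ($dest) = $raw =~ /^(\+?\d{3,15})\z/;    # assumed: optional +, 3-15 digits
    return $dest;
}

sub untaint_msgtxt {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s/\n/ /g;                           # same newline handling as the script
    return undef if length($raw) > 160;         # SMS limit from the script
    my ($txt) = $raw =~ /^([\w .,!?:;'-]+)\z/;  # assumed allow-list, no shell metachars
    return $txt;
}

# No shell: list-form pipe open passes $dest as one argv element and the
# message goes in over stdin, so quotes, ';' or '|' in the input are inert.
sub send_sms {
    my ($dest, $msgtxt) = @_;
    open(my $gnokii, '|-', '/usr/bin/gnokii/gnokii', '--sendsms', $dest)
        or return -1;                           # could not start the child
    print {$gnokii} $msgtxt;
    close($gnokii);                             # $? now holds the exit status
    return $? >> 8;
}

my $query  = CGI->new;
print $query->header('text/html');
my $dest   = untaint_dest($query->param('dest'));
my $msgtxt = untaint_msgtxt($query->param('msgtxt'));
if (!defined $dest || !defined $msgtxt) {
    print "<P>Invalid destination or message.</P>\n";   # reject, never fall back
    exit;
}
my $rc = send_sms($dest, $msgtxt);
print $rc == 0 ? "<P>Poruka je uspjesno isporucena!!!</P>\n"
               : "<P>Poruka nije isporucena ! Pokusajte ponovo. ($rc)</P>\n";
```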