...
These are some examples of complex subsystems:

- Command processor via a call to system() or a similar function (also addressed in ENV03-C. Sanitize the environment when invoking external programs)
- External programs
- Relational databases
- Third-party commercial off-the-shelf components (for example, an enterprise resource planning subsystem)
...
The whitelisting approach to data sanitization is to define a list of acceptable characters and remove any character that is not acceptable. The list of valid input values is typically a predictable, well-defined set of manageable size. This example, based on the tcp_wrappers package written by Wietse Venema, shows the whitelisting approach:

```c
#include <string.h>

int main(void) {
  static char ok_chars[] = "abcdefghijklmnopqrstuvwxyz"
                           "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                           "1234567890_-.@";
  char user_data[] = "Bad char 1:} Bad char 2:{";
  char *cp = user_data; /* cursor into string */
  const char *end = user_data + strlen(user_data);

  /* strspn() skips each run of acceptable characters; every character
   * it stops on is outside the whitelist and is overwritten with '_' */
  for (cp += strspn(cp, ok_chars); cp != end; cp += strspn(cp, ok_chars)) {
    *cp = '_';
  }
  return 0;
}
```
...
The vulnerability in in.telnetd invokes the login program by calling execl(). This call passes unsanitized data from an untrusted source (the USER environment variable) as an argument to the login program:

```c
(void) execl(LOGIN_PROGRAM, "login", "-p", "-d", slavename,
             "-h", host, "-s", pam_svc_name,
             (AuthenticatingUser != NULL ? AuthenticatingUser : getenv("USER")),
             0);
```
...