mals_router_network_adapt.c, line 2908 (Command Injection)
Fortify Priority: Critical Folder Critical
Kingdom: Input Validation and Representation
Abstract: The function mals_rt_enable_IP_passthrough() in mals_router_network_adapt.c calls
popen() on line 2908 to execute a command built from untrusted data. This allows an
attacker to inject malicious commands.
Source: mals_router_network_adapt.c:2853 fgets()
2851 {
2852 /*reading buffer return by popen*/
2853 if(fgets(data, sizeof(data), in)!=NULL)
2854 {
2855 data[strlen(data) - 1] = '\0' ;
Sink: mals_router_network_adapt.c:2908 popen()
2906 /* check if ippastbl already exists */
2907 snprintf(data, sizeof(data), "grep ippastbl %s", RT_ROUTE_TABLE_PATH);
2908 if ((in = popen(data, "r")))
2909 {
2910 if (fgets(data, sizeof(data), in) == NULL)