authorMarcel Holtmann <marcel@holtmann.org>2005-08-05 04:28:34 +0000
committerMarcel Holtmann <marcel@holtmann.org>2005-08-05 04:28:34 +0000
commite41fb20b888901da7c29bc9fa096f6cc4b6b3542 (patch)
tree0e08be392156f4a6fed0c79ab74f653058220b96
parent69ae05c1fc41eba63442939e1ea69433271de3da (diff)
Fix security problem with escape characters in device name
-rw-r--r--hcid/security.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/hcid/security.c b/hcid/security.c
index 7dfa4a17..718fff3d 100644
--- a/hcid/security.c
+++ b/hcid/security.c
@@ -302,7 +302,7 @@ static void call_pin_helper(int dev, bdaddr_t *sba, struct hci_conn_info *ci)
{
pin_code_reply_cp pr;
struct sigaction sa;
- char addr[18], str[255], *pin, name[249];
+ char addr[18], str[512], *pin, name[249], tmp[499], *ptr;
FILE *pipe;
int i, ret, len;
@@ -327,14 +327,20 @@ static void call_pin_helper(int dev, bdaddr_t *sba, struct hci_conn_info *ci)
read_device_name(sba, &ci->bdaddr, name);
//hci_remote_name(dev, &ci->bdaddr, sizeof(name), name, 0);
+ memset(tmp, 0, sizeof(tmp));
+ ptr = tmp;
+
for (i = 0; i < 248 && name[i]; i++)
- if (!isprint(name[i]))
- name[i] = '.';
- name[248] = '\0';
+ if (isprint(name[i])) {
+ if (name[i] == '"')
+ *ptr++ = '\\';
+ *ptr++ = name[i];
+ } else
+ *ptr++ = '.';
ba2str(&ci->bdaddr, addr);
- snprintf(str, sizeof(str), "%s %s %s \'%s\'", hcid.pin_helper,
- ci->out ? "out" : "in", addr, name);
+ snprintf(str, sizeof(str), "%s %s %s \"%s\"", hcid.pin_helper,
+ ci->out ? "out" : "in", addr, tmp);
setenv("PATH", "/bin:/usr/bin:/usr/local/bin", 1);
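Review bot: The new loop escapes only `"`, but inside a double-quoted shell word a backslash, `$` and a backtick are still interpreted, so the remote device name is not yet passed to the PIN helper as literal text. This assumes `str` is run through a shell via the `pipe` declared in the first hunk; that call lies outside the hunk, as does the rest of call_pin_helper. A backslash already present in the name also cancels the escape added for a following quote, so all four characters should be prefixed; the worst case is still two bytes per input byte, which fits `tmp[499]`. Separately, `isprint()` should receive an `unsigned char`, and the `snprintf` return value should be compared with `sizeof(str)`, because a long `hcid.pin_helper` path can truncate the command and drop the closing quote. A sturdier design is to skip the shell entirely and pass the name as its own argv element with fork/exec.

```c
	for (i = 0; i < 248 && name[i]; i++) {
		unsigned char c = (unsigned char) name[i];

		if (!isprint(c)) {
			*ptr++ = '.';
			continue;
		}

		/* These stay special inside a double-quoted sh word */
		if (c == '"' || c == '\\' || c == '$' || c == '`')
			*ptr++ = '\\';
		*ptr++ = (char) c;
	}

	/* … unchanged: ba2str(&ci->bdaddr, addr) … */

	len = snprintf(str, sizeof(str), "%s %s %s \"%s\"", hcid.pin_helper,
					ci->out ? "out" : "in", addr, tmp);
	if (len < 0 || (size_t) len >= sizeof(str)) {
		/* command would be truncated: reject the request instead of running it */
	}
```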