From a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8 Mon Sep 17 00:00:00 2001
From: bzapiec <bzapiec@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Fri, 30 Oct 2015 10:07:20 +0000
Subject: [PATCH] (See #1221) update samba hash generation due to a possible
 code injection

command line parameter will be passed base64 encoded to avoid
complex escaping sequences that may alter the initial passphrase



git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@21280 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 include/class_core.inc | 2 +-
 include/functions.inc  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/gosa-core/include/class_core.inc
+++ b/gosa-core/include/class_core.inc
@@ -582,7 +582,7 @@
                         array(
                                 "name"          => "sambaHashHook",
                                 "type"          => "command",
-                                "default"       => "perl -MCrypt::SmbHash -e \"print join(q[:], ntlmgen %password), $/;\"",
+                                "default"       => "perl -MCrypt::SmbHash -e \"use MIME::Base64; print join(q[:], ntlmgen decode_base64('%password')), $/;\"",
                                 "description"   => _("Command to create Samba NT/LM hashes. Required for password synchronization if you don't use supplementary services."),
                                 "check"         => "gosaProperty::isCommand",
                                 "migrate"       => "",
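Review bot: The `description` string on the line after the new default does not say that `%password` is now substituted as base64 text. An administrator who has overridden `sambaHashHook` with a command that lacks `decode_base64` would presumably get NT/LM hashes of the encoded string instead of the password, with no error raised. I would extend the description with something like `The %password placeholder is replaced by the base64-encoded password; the command must decode it before hashing.` and call the change out in the upgrade notes. The `migrate` entry is empty here, so nothing visible in the hunk rewrites an existing customised value; the enclosing property array continues outside the hunk.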
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -3086,8 +3086,8 @@
       $password = addcslashes($password, '$'); 
       $password = addcslashes($password, '$'); // <- And again once, to be able to use it as parameter for the perl script.
 	  $tmp = $config->get_cfg_value("core",'sambaHashHook');
-      $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
-      $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
+      $tmp = preg_replace("/%userPassword/", base64_encode($password), $tmp);
+      $tmp = preg_replace("/%password/", base64_encode($password), $tmp);
 	  @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
 
  	  exec($tmp, $ar);
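Review bot: The two `addcslashes($password, '$')` calls kept just above the changed lines now appear to corrupt the input. The backslashes they insert are base64-encoded with the password and no shell or Perl quoting layer consumes them any more, so a password containing `$` would be hashed with extra backslashes in it. Encode the untouched value instead: drop both `addcslashes` lines, or keep the original in a separate variable, and call `base64_encode()` on that. Separately, base64 is an encoding and not protection, so `$tmp` still carries a recoverable password into the `@DEBUG` output and the process command line; handing it to the hook on stdin would be the more robust design. The enclosing function starts and ends outside the hunk.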
