[mw-devel] MW3 r921 - branches/jscript/src

Tue Mar 20 20:39:51 GMT 2007

Author: arthur
Date: 2007-03-20 20:39:51 +0000 (Tue, 20 Mar 2007)
New Revision: 921

Modified:
   branches/jscript/src/js.c
   branches/jscript/src/sqlite.c
Log:
make the dbaccess safe, refs #13


Modified: branches/jscript/src/js.c
===================================================================

--- branches/jscript/src/js.c	2007-03-20 20:04:11 UTC (rev 920)
+++ branches/jscript/src/js.c	2007-03-20 20:39:51 UTC (rev 921)
@@ -8,6 +8,8 @@
 #include <errno.h>
 #include <jsapi.h>
 #include <iconv.h>
+#include <sys/types.h>
+#include <pwd.h>
 
 #include "bb.h"
 #include "proto.h"
@@ -224,7 +226,7 @@
 	JS_AddRoot(cx, jsarray);
 	JS_SetArrayLength(cx, jsarray, data->cols);
 
-	printf("Making Array(%d)\n", data->cols);
+/*	printf("Making Array(%d)\n", data->cols); */
 	i = 0;
 	node = data->data;
 	while (node) {
@@ -249,7 +251,20 @@
 	char *query;
 	JSObject *result; // result object were creating
 	JSObject *resarray;
+	int myid;
+	char path[1024];
+	struct passwd *pw;
 
+	if ((pw=getpwuid(getuid()))==NULL) {
+		fprintf(stderr, "Error getting user information\n");
+		return JS_FALSE;
+	}
+
+	if (strcasecmp(pw->pw_name, "bbs")==0) {
+		printf("bbs user is not allowed db access\n");
+		return JS_FALSE;
+	}
+
 	if (argc != 2) {
 		return JS_FALSE;
 	}
@@ -261,7 +276,19 @@
 	dbname = JS_GetStringBytes(JS_ValueToString(cx, argv[0]));
 	query = JS_GetStringBytes(JS_ValueToString(cx, argv[1]));
 
-	dbres = db_query(dbname, query);
+	if (dbname[0] == '/'
+	||  strncmp(dbname, "../", 3)==0
+	||  strstr(dbname, "/../")) {
+		printf("Illegal path element in dbname '%s'\n", dbname);
+		return JS_FALSE;
+	}
+	snprintf(path, sizeof(path), "%s/%s", pw->pw_dir, dbname);
+
+	myid=geteuid();
+	seteuid(getuid());
+	dbres = db_query(path, query);
+	seteuid(myid);
+
 	if (!dbres) {
 		return JS_FALSE;
 	}
@@ -546,7 +573,18 @@
 {
 	JSBool builtins;
 	JSFunction *ok;
+	struct passwd *pw;
+	int is_local=1;
 
+	if ((pw=getpwuid(getuid()))==NULL) {
+		fprintf(stderr, "Error getting user information\n");
+		return -1;
+	}
+
+	if (strcasecmp(pw->pw_name, "bbs")==0) {
+		is_local=0;
+	}
+
 	/* create global runtime, allocate memory */
 	if (!(jsrt = JS_NewRuntime(8*1024*1024))) {
 		printf("Error creating JS runtime\n");
@@ -569,19 +607,21 @@
 	/* initiate local stuff */
 
 	ok = JS_DefineFunction(jscx, jsroot, "print", js_print, 1, 0);
-	ok = JS_DefineFunction(jscx, jsroot, "dbquery", js_doquery, 2, 1);
 	ok = JS_DefineFunction(jscx, jsroot, "exec", js_mwexec, 1, 0);
 	ok = JS_DefineFunction(jscx, jsroot, "say", js_say, 1, 0);
 
 	ok = JS_DefineProperty(jscx, jsroot, "whoami", STRING_TO_JSVAL(JS_NewStringCopyZ(jscx,user->name)), NULL, NULL, JSPROP_READONLY|JSPROP_PERMANENT);
 
+	/* not for bbs user */
+	if (is_local) {
+		ok = JS_DefineFunction(jscx, jsroot, "dbquery", js_doquery, 2, 1);
+	}
+
 	/* need additional functions : 
 	 * - one to bind functions to events (bind?)
 	 * - one to load another script (include?)
-	 * - one to exec talker/board commands
 	 * - get system date/time
 	 * - input line of text (does anyone use this)
-	 also need to set all the variables
 	 */
 
 	return 0;

Modified: branches/jscript/src/sqlite.c
===================================================================
--- branches/jscript/src/sqlite.c	2007-03-20 20:04:11 UTC (rev 920)
+++ branches/jscript/src/sqlite.c	2007-03-20 20:39:51 UTC (rev 921)
@@ -20,7 +20,7 @@
 void
 db_close(sqlite3 *db)
 {
-	printf("Closing database %p\n", (void *)db);
+/*	printf("Closing database %p\n", (void *)db); */
 	sqlite3_close(db);
 }
 



