CHROMIUMOS: Escape | and & characters when passing to the shell.
Add functions for hooks to check validity of domain names and paths.
Ensure we set a valid hostname, DNS domain and NIS domain.
Document the need for input validation in dhcpcd-run-hooks(8).
Fixes CVE-2011-996.
Based on patches to dhcpcd-3 by Marius Tomaschewski <mt@suse.de>.
BUG=chromium-os:14192
TEST=Compile and run only -- this code path does not fire in ChromeOS.
Our version has all hooks removed so only the escape changes above apply.
Change-Id: Ia8c7b3e4af6e13b13319ee7f5cc58f3ab8e02b13
R=sleffler@chromium.org,sumit@chromium.org
Review URL: http://codereview.chromium.org/6873012
diff --git a/dhcp.c b/dhcp.c
index c388cb9..7d2c25b 100644
--- a/dhcp.c
+++ b/dhcp.c
@@ -1140,7 +1140,9 @@
case '\'': /* FALLTHROUGH */
case '$': /* FALLTHROUGH */
case '`': /* FALLTHROUGH */
- case '\\':
+ case '\\': /* FALLTHROUGH */
+ case '|': /* FALLTHROUGH */
+ case '&':
if (s) {
if (len < 3) {
errno = ENOBUFS;