
Add an assert() to prove that Fossil server instances are not vulnerable to the ShellShock bug, because Fossil never shells out while processing an HTTP request.

drh 2014-10-06 00:58 trunk
Commit 82e30c0000dfe41b4ded9ce51b9864826bc0b827
1 file changed +9
+9
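--- a/src/util.c
+++ b/src/util.c
@@ -78,10 +78,19 @@
 free(zNewCmd);
 #else
 /* On unix, evaluate the command directly.
 */
 if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd);
+
+ /* Unix systems should never shell-out while processing an HTTP request,
+ ** either via CGI, SCGI, or direct HTTP. The following assert verifies
+ ** this. And the following assert proves that Fossil is not vulnerable
+ ** to the ShellShock or BashDoor bug.
+ */
+ assert( g.cgiOutput==0 );
+
+ /* The regular system() call works to get a shell on unix */
 rc = system(zOrigCmd);
 #endif
 return rc;
 }
 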
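Review bot: The added `assert( g.cgiOutput==0 );` is compiled out whenever NDEBUG is defined, so in a release build it enforces nothing at runtime, and the comment's claim that it "proves" Fossil is not vulnerable holds only for builds and request paths that were actually exercised with assertions enabled. If a hard guarantee is intended, keep the assert as documentation but also make the check unconditional before the `system()` call, e.g. `if( g.cgiOutput ) abort();` (or the project's usual fatal-error helper, so the failure is logged rather than silent). The comment also repeats itself ("The following assert verifies this. And the following assert proves ..."); a tighter version would be `/* Fossil must never shell out while servicing an HTTP request (CGI, SCGI or the built-in server), so a shell's environment handling -- e.g. ShellShock/BashDoor -- is unreachable from a request. This check guards the system() call below. */`. The `#if` branch ending with `free(zNewCmd)` above receives no equivalent check, and the enclosing function starts outside the hunk, so whether other spawn paths exist cannot be judged from here.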
--- src/util.c
+++ src/util.c
@@ -78,10 +78,19 @@
78 free(zNewCmd);
79 #else
80 /* On unix, evaluate the command directly.
81 */
82 if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd);
 
 
 
 
 
 
 
 
 
83 rc = system(zOrigCmd);
84 #endif
85 return rc;
86 }
87
88
--- src/util.c
+++ src/util.c
@@ -78,10 +78,19 @@
78 free(zNewCmd);
79 #else
80 /* On unix, evaluate the command directly.
81 */
82 if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd);
83
84 /* Unix systems should never shell-out while processing an HTTP request,
85 ** either via CGI, SCGI, or direct HTTP. The following assert verifies
86 ** this. And the following assert proves that Fossil is not vulnerable
87 ** to the ShellShock or BashDoor bug.
88 */
89 assert( g.cgiOutput==0 );
90
91 /* The regular system() call works to get a shell on unix */
92 rc = system(zOrigCmd);
93 #endif
94 return rc;
95 }
96
97
