r2plugin: prevent command injection in signature fallback apply path #31
Open
trufae wants to merge 1 commit into
Conversation
trufae (Author, Collaborator) commented:

Actually the right fix is just to prefix the afs command with a single quote. No need to filter all that. So please take that into account and do the right fix by hand.
Motivation

- `r_core_cmdf_at(..., "afs %s", signature)` with an inferred signature string that could include an unsanitized function name coming from untrusted binaries, enabling radare2 command injection via separators like `;`, `|`, `&`, newlines, or `!`.

Description

- `signature_contains_cmd_separator()` in `r2plugin/r_anal_sleigh.c` to detect dangerous separator characters in the signature string before executing the fallback command.
- `apply_inferred_signature()` to skip the `r_core_cmdf_at` fallback when a separator is detected, mark the apply result as failed, and write a descriptive reason instead of executing the unsafe command.
- `r_anal_str_to_fcn` apply-and-verify flow and behavior when no unsafe characters are present.
- `;`, `|`, `&`, `\n`, `\r`, and `!`.

Testing

- `test_format_afs_signature` via `cargo test -p r2sleigh-plugin --features x86 test_format_afs_signature -- --nocapture`, which compiled the workspace and passed (1 test passed).

Codex Task