Escape cifs credentials to prevent injection - BMC/Intel-BMC/virtual-media.git - Adds possibility to inject virtual installation media to the platform via browser, HTTPS or CIFS. (mirror)

diff options

author	Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>	2021-04-27 14:57:50 +0300
committer	Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>	2021-04-27 15:22:17 +0300
commit	080a77fea45ae0da4639ddef22be91f853929d99 (patch)
tree	05bf1fddf4459ed130907f242d5efc1fa72b0d7c /tmpfiles.d
parent	7cc83164ffd69b4da0143f7e531f919b9006f944 (diff)
download	virtual-media-080a77fea45ae0da4639ddef22be91f853929d99.tar.xz

Escape cifs credentials to prevent injection

Mount function consumes mount parameters as coma delimited options. In order to make it resistant to classic parameter injection each comma in username or password parameter that user provides is escaped by second comma character. This fix appiles such escaping for samba credentials. Tested: Tested by inserting media with password=smbpass,ver=1.0. Kernel does not mount share, showing error appropriate to incorrect credentials: intel-obmc kernel: CIFS: Status code returned 0xc000006d \ STATUS_LOGON_FAILURE Change-Id: I3acb24a4b24e798e54e095c69e9c6ec3151e03d1 Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>

Diffstat (limited to 'tmpfiles.d')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: