s3:script: Untaint user supplied data in modprinter.pl

spoolss_SetPrinter fails because of the error produced by modprinter.pl.

Perl error:
Insecure dependency in open while running setgid at modprinter.pl line 76.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12950

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

diff --git a/source3/script/tests/printing/modprinter.pl b/source3/script/tests/printing/modprinter.pl
index 9e5e3292c6cad6ceba3041f1160b507773962bb9..ec1ebcd7ab8345b986b9ef445eb87e0e3e07c7b8 100755 (executable)
--- a/source3/script/tests/printing/modprinter.pl
+++ b/source3/script/tests/printing/modprinter.pl
@@ -67,7 +67,14 @@ if (!defined($share_name)) {
        die "share name not defined";
 }
 
-my $tmp = $opt_smb_conf.$$;
+my $smb_conf_file = $opt_smb_conf;
+if ($smb_conf_file =~ /^(.*)$/) {
+       $smb_conf_file = $1; # untaint file name
+} else {
+       die "Invalid file name $smb_conf_file";
+}
+
+my $tmp = $smb_conf_file.$$;
 
 my $section = undef;
 my $within_section = 0;
@@ -75,7 +82,7 @@ my $found_section = 0;
 
 open(CONFIGFILE_NEW, "+>$tmp") || die "Unable top open conf file $tmp";
 
-open (CONFIGFILE, "+<$opt_smb_conf") || die "Unable to open config file $opt_smb_conf";
+open (CONFIGFILE, "+<$smb_conf_file") || die "Unable to open config file $smb_conf_file";
 while (<CONFIGFILE>) {
        my $line = $_;
        chomp($_);
@@ -123,7 +130,9 @@ close (CONFIGFILE_NEW);
 if ($opt_delete && ($found_section == 0)) {
        die "share $share_name not found";
 }
-system("cp", "$tmp", "$opt_smb_conf");
+
+$ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
+system("cp", "$tmp", "$smb_conf_file");
 unlink $tmp;
 
 exit 0;