[SCM] Samba Shared Repository - branch master updated
Uri Simchoni
uri at samba.org
Mon Nov 23 21:20:03 UTC 2015
The branch, master has been updated
via 22386dc samba-tool: replace use of os.popen
from e6f88c1 libads: Fix picky const warning with krb5_set_password_using_ccache
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 22386dc39673f66de2dd57596447acf3c6c00ef7
Author: Uri Simchoni <uri at samba.org>
Date: Sun Nov 15 13:34:03 2015 +0200
samba-tool: replace use of os.popen
The netcmd/domain.py module uses os.popen() on user-supplied
parameters. This opens up the way to code injection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11601
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Mon Nov 23 22:19:34 CET 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
python/samba/netcmd/domain.py | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 6726538..62f8bfa 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -31,6 +31,7 @@ import ctypes
import random
import tempfile
import logging
+import subprocess
from getpass import getpass
from samba.net import Net, LIBNET_JOIN_AUTOMATIC
import samba.ntacls
@@ -87,9 +88,16 @@ from samba.provision.common import (
)
def get_testparm_var(testparm, smbconf, varname):
- cmd = "%s -s -l --parameter-name='%s' %s 2>/dev/null" % (testparm, varname, smbconf)
- output = os.popen(cmd, 'r').readline()
- return output.strip()
+ errfile = open(os.devnull, 'w')
+ p = subprocess.Popen([testparm, '-s', '-l',
+ '--parameter-name=%s' % varname, smbconf],
+ stdout=subprocess.PIPE, stderr=errfile)
+ (out,err) = p.communicate()
+ errfile.close()
+ lines = out.split('\n')
+ if lines:
+ return lines[0].strip()
+ return ""
try:
import samba.dckeytab
--
Samba Shared Repository
More information about the samba-cvs
mailing list