Merge pull request #7774 from techhat/cmdinjection

Fix command injection vulnerability in disk.usage
saltstack · Oct 12, 2013 · 6d8ef68 · 6d8ef68
2 parents b89fa91 + 7f190ff
commit 6d8ef68
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/salt/modules/disk.py b/salt/modules/disk.py
@@ -9,6 +9,8 @@
 # Import salt libs
 import salt.utils
 
+from salt.exceptions import CommandExecutionError
+
 log = logging.getLogger(__name__)
 
 
@@ -31,14 +33,21 @@ def usage(args=None):
 
         salt '*' disk.usage
     '''
+    flags = ''
+    allowed = ('a', 'B', 'h', 'H', 'i', 'k', 'l', 'P', 't', 'T', 'x', 'v')
+    for flag in args:
+        if flag in allowed:
+            flags += flag
+        else:
+            raise CommandExecutionError('Invalid flag passed to disk.usage')
     if __grains__['kernel'] == 'Linux':
         cmd = 'df -P'
     elif __grains__['kernel'] == 'OpenBSD':
         cmd = 'df -kP'
     else:
         cmd = 'df'
     if args:
-        cmd = cmd + ' -' + args
+        cmd += ' -{0}'.format(flags)
     ret = {}
     out = __salt__['cmd.run'](cmd).splitlines()
     for line in out: