Full Disclosure mailing list archives

Re: Gaim festival plugin exploit


From: Jérôme Augé <eguaj () free fr>
Date: Wed, 15 Oct 2003 21:01:13 +0200

On Wed, Oct 15, 2003 at 05:29:55PM +0200, error wrote:

So a fixed version would look like this:

AIM::register("Festival TTS", "0.0.1", "goodbye", "");
AIM::print("Perl Says", "Loaded Festival TTS");
AIM::command("idle", "60000") if ($pro ne "Offline");
AIM::add_event_handler("event_im_recv", "synthesize");

sub goodbye {
      AIM::print("Module Unloaded", "Unloaded Festival TTS");
}

sub synthesize {
    my $string = $_[0];
    # strip HTML tags, then anything between double quotes
    $string =~ s/\<.*?\>//g;
    $string =~ s/\".*\"//;
    # drop every non-word character (this also removes spaces and punctuation)
    $string =~ s/[^\w]//g;
    # the remaining string can only contain [A-Za-z0-9_], so the shell
    # invoked by this one-argument system() sees no metacharacters
    system("echo \"$string\" | /usr/bin/festival --tts");
}


Removing all the non-word characters is of course effective, but it's a
little bit « restrictive », no?

A less « restrictive » but still « secure » way might be to not use the
system() function at all:
  
  open(FESTIVAL, "|-", "/usr/bin/festival --tts");
  print FESTIVAL "$string\n";
  close FESTIVAL;

That way you keep your original message intact with the punctuation
characters, and you are immune to shell code injection... and ban this
system() call with only one argument :)

Regards,
Jérôme

-- 
"Res publica non dominetur"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
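As an added illustration (not code from the thread or from the Gaim plugin), here is the pipe approach in its list form: open() with "|-" and a list of arguments execs the program directly and never consults a shell, whereas a single command string is still handed to the shell when it contains metacharacters. The command path, the strip_markup helper and the use of /bin/cat as a stand-in for festival (so the text can be seen arriving unchanged) are assumptions.

```perl
#!/usr/bin/perl
# Added example: send an IM body to a text-to-speech command over a pipe,
# never by interpolating it into a shell string.
use strict;
use warnings;

# Assumption: the program and its flags are fixed constants; the
# untrusted message only ever travels over the child's stdin.
my @TTS_CMD = ('/usr/bin/festival', '--tts');

# Strip markup as the quoted plugin does, but keep punctuation intact.
sub strip_markup {
    my ($text) = @_;
    $text =~ s/<.*?>//g;
    return $text;
}

# Returns the child's exit status (0 on success).
sub speak {
    my ($text, @cmd) = @_;
    @cmd = @TTS_CMD unless @cmd;
    # List-form pipe open: Perl execs $cmd[0] with the remaining elements
    # as argv, so quotes, ;, |, $, & and backticks in $text are plain bytes.
    open(my $tts, '|-', @cmd) or die "cannot run $cmd[0]: $!";
    print {$tts} strip_markup($text), "\n";
    close($tts) or warn "$cmd[0] exited with status ", $? >> 8, "\n";
    return $? >> 8;
}

# Constructed sample message full of characters that would break out of
# the system("echo \"$string\" | ...") form; over the pipe it is just text.
my $msg = q{<b>Ouch</b>: "quoted" text; $HOME `date` | nothing & here};

# Demo against /bin/cat so the unchanged text is printed to the terminal;
# drop the second argument to use @TTS_CMD and actually synthesize speech.
speak($msg, '/bin/cat');
```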
