`asroot_iface_description_os()` a sysfs path from an interface name
received from the unprivileged process. The validation only rejects `\0`
or `.` in first position. Add `/` to the list of rejected characters to
avoid path traversal.
Fix #773
* Changes:
+ Add "configure lldp portdescription-source" to choose how to populate port description (#763)
* Fix:
- + Fix path traversal vulnerability in the privileged process (#774)
+ + Fix path traversal vulnerabilities in the privileged process (#773, #774)
lldpd (1.0.20)
* Changes:
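Review bot: The merged entry on the added NEWS line says only "in the privileged process" and does not name what is affected, so a reader cannot tell from it that #773 concerns the interface description lookup. Consider naming the affected operation for each issue number, or keeping one line per issue, so packagers can judge exposure from NEWS alone.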
char descr[IFALIASZ];
FILE *fp;
int rc;
- if (name[0] == '\0' || name[0] == '.') {
+ if (name[0] == '\0' || name[0] == '.' || strchr(name, '/') != NULL) {
log_warnx("privsep", "odd interface name %s", name);
return -1;
}
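Review bot: The new condition on the `if (name[0] == '\0' || ...` line is still a denylist: it rejects `/` anywhere, but `.` only in first position, and the visible check sets no length bound on `name`, which the commit message says comes from the unprivileged process. Consider validating against the kernel's own interface-name rules instead (non-empty, shorter than IFNAMSIZ, not `.` or `..`, no `/`, `:` or whitespace) and putting that in one helper shared with the validation done for the #774 fix listed in NEWS, so the two checks cannot drift apart. The rejected `name` is also passed to `log_warnx()` with `%s` exactly as received; escaping or truncating it before logging would keep control characters out of the log.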