zonesigner (dnssec-tools) is broken
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dnssec-tools (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Ubuntu package dnssec-tools provides a broken zonesigner script, which fails when any the -kskdirectory, -zskdirectory, or -keydirectory options is used. The script (/usr/sbin/
The difference between the original and Ubuntu versions of the script appears to be due to an incompletely considered attempt to protect against shell command injection.
The Ubuntu script needs to be changed either to use the original code or to dereference file globs explicitly before invoking the relevant external command.
Details follow below.
joe(user)2097: /usr/sbin/
zonesigner version: 2.1.0
DNSSEC-Tools Version: 2.1
joe(user)2098: /usr/local/
zonesigner version: 2.1.0
DNSSEC-Tools Version: 2.1
joe(user)2099: cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://
SUPPORT_URL="http://
BUG_REPORT_URL="http://
VERSION_
UBUNTU_
joe(user)2100: diff -b -u /usr/sbin/
--- /usr/sbin/
+++ /usr/local/
@@ -1087,11 +1087,11 @@
#
# Ensure that the zone file has not been signed yet.
#
- #if(presigned())
- #{
- # print STDERR "zone file $zonefile already signed\n";
- # exit(17);
- #}
+ if(presigned())
+ {
+ print STDERR "zone file $zonefile already signed\n";
+ exit(17);
+ }
}
#-----
@@ -1985,7 +1985,6 @@
my $keys; # Keys we're modifying.
my @keylist; # Keys inna list.
- my @args;
#
# Change the type of the given signing set to the specified type.
@@ -2021,11 +2020,6 @@
vmed_
System($cmd);
- if ($? != 0)
- {
- print STDERR "'$cmd' returned $?\n" if($verbose);
- exit($?);
- }
#
# Record the time when key is revoked.
@@ -2057,13 +2051,7 @@
if(! -e $archdir)
{
vmed_
- @args = ($MKDIR, "-p", "-m 0700", $archdir);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?);
- }
+ System("$MKDIR -p -m 0700 $archdir");
}
else
{
@@ -2091,13 +2079,7 @@
$newname = "$archdir/
vhigh_
- @args = ($MV, $archfn, $newname);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?);
- }
+ System("$MV $archfn $newname");
if($archfn =~ /\.key$/)
{
@@ -2182,7 +2164,6 @@
sub keydirs
{
my $cwd = getcwd(); # Current directory.
- my @args;
vmed_
@@ -2205,24 +2186,12 @@
foreach my $ksk (@kskcurlist)
{
- @args = ($MV, "$ksk.*", $kskdir);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?)
- }
+ System("$MV $ksk.* $kskdir");
}
foreach my $ksk (@kskpublist)
{
- @args = ($MV, "$ksk.*", $kskdir);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?)
- }
+ System("$MV $ksk.* $kskdir");
}
}
@@ -2246,35 +2215,17 @@
foreach my $zsk (@zskcurlist)
{
- @args = ($MV, "$zsk.*", $zskdir);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?)
- }
+ System("$MV $zsk.* $zskdir");
}
foreach my $zsk (@zskpublist)
{
- @args = ($MV, "$zsk.*", $zskdir);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?)
- }
+ System("$MV $zsk.* $zskdir");
}
foreach my $zsk (@zsknewlist)
{
- @args = ($MV, "$zsk.*", $zskdir);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?)
- }
+ System("$MV $zsk.* $zskdir");
}
}
@@ -2291,7 +2242,6 @@
my $file; # Zone's contents.
my $flen; # Zone file's length.
my $newserial; # Zone's new serial number.
- my @args;
vhigh_
vprint("adding key includes to zone file\n");
@@ -2397,16 +2347,7 @@
#
# Copy the zone data to a new file.
#
- if ($zonefile ne $zoneftmp)
- {
- @args = ($CP, $zonefile, $zoneftmp);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?);
- }
- }
+ System("$CP $zonefile $zoneftmp") if($zonefile ne $zoneftmp);
open(ZF,"+< $zonefile");
@zonestat = stat($zonefile);
}
@@ -2417,16 +2358,7 @@
#
# Copy the zone data to a new file.
#
- @args = ($CP, $zonefile, $zoneftmp);
- if($zonefile ne $zoneftmp)
- {
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?);
- }
- }
+ System("$CP $zonefile $zoneftmp") if($zonefile ne $zoneftmp);
#
# Get the include-keys section.
@@ -2461,7 +2393,6 @@
my $status; # Execution return code.
my $zscmd; # Zone-signing command line.
my $zcq = '-q'; # Quiet option for zone checker.
- my @args;
#
# Get the most recent revoked keys if we're rolling KSKs or if
@@ -2530,8 +2461,8 @@
#
vprint("checking zone\n");
$zcq = '' if($verbose > $VERBOSE_LOW);
- System("$zonecheck $zcopts $zcq $zone $szone");
- if($? != 0)
+ $status = System("$zonecheck $zcopts $zcq $zone $szone");
+ if($status != 0)
{
print STDERR "problems with zone signing\n";
System(
@@ -2661,22 +2592,10 @@
{
my $now = time();
my $newzftmp = "$zoneftmp.$now";
- @args = ($CP, $zoneftmp, $newzftmp);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?);
- }
+ System("$CP $zoneftmp $newzftmp");
}
- @args = ($RM, $zoneftmp);
- System(@args);
- if ($? != 0)
- {
- print STDERR "'@args' returned $?\n" if($verbose);
- exit($?);
- }
+ System("$RM $zoneftmp");
}
return(0);
joe(user)2101:
| Niall O'Reilly (no8) wrote | #1 |
Suggested fix (expand wildcard using glob() and splice into place: 5 instances):
--- /usr/sbin/
+++ ./bin/zonesigner 2017-02-14 12:12:06.604434508 +0000
@@ -2208,2 +2208,3 @@
@args = ($MV, "$ksk.*", $kskdir);
+ splice(
System(@args);
@@ -2219,2 +2220,3 @@
@args = ($MV, "$ksk.*", $kskdir);
+ splice(
System(@args);
@@ -2249,2 +2251,3 @@
@args = ($MV, "$zsk.*", $zskdir);
+ splice(
System(@args);
@@ -2260,2 +2263,3 @@
@args = ($MV, "$zsk.*", $zskdir);
+ splice(
System(@args);
@@ -2271,2 +2275,3 @@
@args = ($MV, "$zsk.*", $zskdir);
+ splice(
System(@args);