From 259f6a5eb49e327e5ec5cb464cf5fb70e43a72d0 Mon Sep 17 00:00:00 2001
From: stan
Date: Fri, 17 Jan 2003 10:33:17 +0000
Subject: [PATCH] Retaint arguments before exec'ing.
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@355 e3e1d417-86f3-4887-817a-d78f3d33393f
---
 scripts/zmdc.pl.z | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/scripts/zmdc.pl.z b/scripts/zmdc.pl.z
index 8205c9314..b8977b6be 100755
--- a/scripts/zmdc.pl.z
+++ b/scripts/zmdc.pl.z
@@ -84,7 +84,7 @@ if ( $needs_daemon )
 foreach my $arg ( @ARGV )
 {
 # Detaint arguments, if they look ok
- if ( $arg =~ /^(-{0,2}[\w\d]+)/ )
+ if ( $arg =~ /^(-{0,2}[\w]+)/ )
 {
 push( @args, $1 );
 }
@@ -94,7 +94,6 @@ foreach my $arg ( @ARGV )
 } } - socket( CLIENT, PF_UNIX, SOCK_STREAM, 0 ) or die( "Can't open socket: $!" ); my $saddr = sockaddr_un( DC_SOCK_FILE );
@@ -212,7 +211,21 @@ if ( !connect( CLIENT, $saddr ) )
 die( "Invalid daemon '$daemon' specified" );
 }
- exec( $daemon, @args ) or die( "Can't exec: $!" );
+ my @good_args;
+ foreach my $arg ( @args )
+ {
+ # Detaint arguments, if they look ok
+ if ( $arg =~ /^(-{0,2}[\w]+)/ )
+ {
+ push( @good_args, $1 );
+ }
+ else
+ {
+ die( "Bogus argument '$arg' found" );
+ }
+ }
+
+ exec( $daemon, @good_args ) or die( "Can't exec: $!" );
 }
 else
 {
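Review bot: The detaint pattern `/^(-{0,2}[\w]+)/` in the first hunk is anchored only at the start, so an argument with trailing characters outside `\w` (a constructed example: `--opt=value`) is accepted and silently shortened to `--opt` rather than rejected. Dropping `\d` changes nothing, since `\w` already matches digits. Anchoring the end as well, `if ( $arg =~ /^(-{0,2}\w+)\z/ )`, makes the check fail closed on anything that is not entirely dashes and word characters. The same pattern is repeated in the loop added before `exec` in the third hunk and needs the same change. The `foreach` body continues outside this hunk.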
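Review bot: When `@good_args` is empty, `exec( $daemon, @good_args )` in the third hunk is the single-argument form of `exec`, which Perl passes to the shell if the string contains shell metacharacters, and the added detaint loop covers only the arguments, not `$daemon`. The `Invalid daemon` check just above suggests the name is validated outside the hunk, but that cannot be confirmed from here. The block form `exec { $daemon } $daemon, @good_args or die( "Can't exec: $!" );` never goes through the shell and removes the dependency on that check. Separately, the loop is a second copy of the one over `@ARGV` at the top of the script, so a shared helper sub would keep the pattern in one place. The enclosing block starts and ends outside the hunk.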