void LLAppViewerWin32::handleCrashReporting() { // Windows only behaivor. Spawn win crash reporter. std::string exe_path = gDirUtilp->getAppRODataDir(); exe_path += gDirUtilp->getDirDelimiter(); exe_path += "win_crash_logger.exe"; std::string arg_string = "-user "; arg_string += gGridName; switch(getCrashBehavior()) { case CRASH_BEHAVIOR_ASK: default: arg_string += " -dialog "; _spawnl(_P_NOWAIT, exe_path.c_str(), exe_path.c_str(), arg_string.c_str(), NULL); break; case CRASH_BEHAVIOR_ALWAYS_SEND: _spawnl(_P_NOWAIT, exe_path.c_str(), exe_path.c_str(), arg_string.c_str(), NULL); break; case CRASH_BEHAVIOR_NEVER_SEND: break; } }
void CDebugger::Execute() { CString strInterpreter = /*"F:\\a ja tak\\lubie cie bardzo\\lua.exe";*/ theApp.GetModuleDir() + "\\" + "lua.exe"; CProject* pProject = ((CMainFrame*)AfxGetMainWnd())->GetProject(); _spawnl( _P_NOWAIT, strInterpreter, strInterpreter, "\"" + pProject->GetDebugPathNameExt() + "\"", NULL ); }
int _CRTAPI1 Z_spawnl (int Arg1,const char* Arg2,const char* Arg3, DWORD64ARGS) { int RetVal; SHORT sTimerHandle; ULONG ulElapsedTime; if (fInitDone == FALSE) { ApfInitDll(); } TimerOpen(&sTimerHandle, MICROSECONDS); TimerInit(sTimerHandle); // // Call the api // RetVal = _spawnl(Arg1,Arg2,Arg3, ARGS64); // // Get the elapsed time // ulElapsedTime = TimerRead(sTimerHandle); ApfRecordInfo(I__spawnl, ulElapsedTime - ApfData[I_CALIBRATE].ulFirstTime); TimerClose(sTimerHandle); return(RetVal); }
void CWE78_OS_Command_Injection__char_file_w32spawnl_03_bad() { char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) { { /* Read input from a file */ size_t dataLen = strlen(data); FILE * pFile; /* if there is room in data, attempt to read the input from a file */ if (100-dataLen > 1) { pFile = fopen(FILENAME, "r"); if (pFile != NULL) { /* POTENTIAL FLAW: Read data from a file */ if (fgets(data+dataLen, (int)(100-dataLen), pFile) == NULL) { printLine("fgets() failed"); /* Restore NUL terminator if fgets fails */ data[dataLen] = '\0'; } fclose(pFile); } } } } /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
/* goodG2B uses the GoodSource with the BadSink */ void CWE78_OS_Command_Injection__char_console_w32spawnl_66b_goodG2BSink(char * dataArray[]) { char * data = dataArray[2]; /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
/* goodG2B uses the GoodSource with the BadSink */ void goodG2BSink(vector<char *> dataVector) { char * data = dataVector[2]; /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
void CISRSummary::OnLButtonDown(UINT nFlags, CPoint point) { if (m_pPropertySheet) m_pPropertySheet->SetToClose(0); CWnd* pWnd; if ((pWnd = ChildWindowFromPoint(point,CWP_ALL))!=NULL) { UINT index = pWnd->GetDlgCtrlID(); if ((index >= IDC_ISRSUMMARY_FIRST) && (index <= IDC_ISRSUMMARY_LAST)) { if ((index == IDC_ISRSUMMARY_COMMAND6) || (index == IDC_ISRSUMMARY_COMMAND5) || (index == IDC_ISRSUMMARY_COMMAND4) || (index == IDC_ISRSUMMARY_COMMAND3) || (index == IDC_ISRSUMMARY_COMMAND2) || (index == IDC_ISRSUMMARY_COMMAND1)) { char Text[256]; Text[0] = NULL; GetDlgItemText(index,Text,sizeof(Text)); if (strlen(Text)) { strcat(Text,"\""); memmove(&Text[2],Text,strlen(Text)+1); Text[0] = '"'; Text[1] = 'I'; _spawnl(_P_NOWAIT,m_pParent->m_szUtilFile,"MsgUtil.exe",Text,NULL); } } } } CPropertyPage::OnLButtonDown(nFlags, point); }
int prefix_add(const char* ifname, int ifindex, const char* prefixPlain, int prefixLength, unsigned long prefered, unsigned long valid) { // netsh interface ipv6 add route 2000::/64 "eth1" preferredlifetime=1000 validlifetime=2000 store=active [publish=age] char arg1[]="interface"; char arg2[]="ipv6"; char arg3[]="add"; char arg4[]="route"; char arg5[256]; // prefix char arg6[256]; // interface=... char arg7[256]; // preferredlifetime=... char arg8[256]; // validlifetime=... char arg9[]="store=active"; char arg10[]="publish=age"; intptr_t i; char buf[2000]; sprintf(arg5, "%s/%d", prefixPlain, prefixLength); sprintf(arg6,"interface=\"%s\"", ifname); sprintf(arg7,"preferredlifetime=%u", prefered); sprintf(arg8,"validlifetime=%u", valid); sprintf(buf, "%s %s %s %s %s %s %s %s %s %s", arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9, arg10); i=_spawnl(_P_WAIT,netshPath,netshPath,arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10, NULL); if (i==-1) { /// @todo: some better error support return -1; } return LOWLEVEL_NO_ERROR; }
/* goodG2B() uses the GoodSource with the BadSink */ static void goodG2BSink() { char * data = CWE78_OS_Command_Injection__char_file_w32spawnl_45_goodG2BData; /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
void EditConfig() { GetDropboxPath(); if(dropboxPath[0] == 0) { MessageBox(NULL,"Cant find where your dropbox path is.\n\nIs dropbox installed?","Error",MB_OK); return; } char configPath[MAX_PATH]; sprintf(configPath,"%s\\DropboxFilter.cfg",dropboxPath); FILE *file = fopen(configPath,"r"); if(file == NULL) { if(MessageBoxA(NULL,"I cant find a config file DropboxFilter.cfg in your dropbox folder, do you wish to create a default one?","Default config file",MB_YESNO) == IDYES) { FILE *file = fopen(configPath,"wb"); int written; HRSRC hResource; if(file) { hResource = FindResource(NULL,"ID_CONFIG","TXT"); void *resource = LockResource(LoadResource(NULL,hResource)); written = fwrite(resource,1,SizeofResource(NULL,hResource),file); fclose(file); } if(file == NULL || written != SizeofResource(NULL,hResource)) { MessageBox(NULL,"Failed to copy default config to dropbox folder.","Failed",MB_OK); } } else { return; } } else { fclose(file); } char notepadExe[MAX_PATH]; sprintf(notepadExe,"%s\\notepad.exe",getenv("SystemRoot")); _spawnl(_P_DETACH,notepadExe,notepadExe,configPath,NULL); }
int prefix_add(const char* ifname, int ifindex, const char* prefixPlain, int prefixLength, unsigned long prefered, unsigned long valid) { // ipv6 rtu 2000::/64 4 life 1800/900 publish char arg1[]="rtu"; char arg2[256]; // 2000::/64 char arg3[256]; // ifindex char arg4[]="life"; char arg5[256]; // 1800/900 char arg6[]="age"; char arg7[]="publish"; // publish int i; sprintf(arg2, "%s/%d", prefixPlain, prefixLength); sprintf(arg3,"%d", ifindex); sprintf(arg5,"%d/%d", valid, prefered); i=_spawnl(_P_WAIT,cmdPath,cmdPath, "/C", ipv6Path, arg1, arg2, arg3, arg4, arg5, arg6, arg7, NULL); if (i==-1) { /// @todo: some better error support return LOWLEVEL_ERROR_UNSPEC; } return LOWLEVEL_NO_ERROR; }
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { _spawnl(_P_WAIT, ".\\roboshrt.exe", ".\\roboshrt.exe", NULL); game = new RoboPanicGame(SCREEN_WIDTH, SCREEN_HEIGHT, COLOR_DEPTH); if(!game->initialize(hInstance, windowProc, "RoboPanic")) return FALSE; game->startMainLoop(); dprintf(("leavin WinMain()")); return true; } //WinMain
void CWE78_OS_Command_Injection__char_file_w32spawnl_61_bad() { char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE78_OS_Command_Injection__char_file_w32spawnl_61b_badSource(data); /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
/* goodG2B() - use goodsource and badsink by reversing the blocks on the goto statement */ static void goodG2B() { char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: /* FIX: Append a fixed string to data (not user / external input) */ strcat(data, "*.*"); /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
size_t spawnClient() { intptr_t ptr = _spawnl(_P_NOWAITO, "TiGaClient.exe", ".\\TiGaClient.exe", "127.0.0.1", "15600" ); if( ptr != -1 ) { size_t id = ++lastClientId; clients[id] = ptr; return id; } else printf("Error: %s\n", processError()); return 0; }
extern int dns_del(const char* ifname, int ifaceid, const char* addrPlain) { // netsh interface ipv6 add dns interface="eth0" address=2000::123 char arg1[]="interface"; char arg2[]="ipv6"; char arg3[]="delete"; char arg4[]="dns"; char arg5[256]; // interface=... char arg6[256]; // address=... intptr_t i; sprintf(arg5,"\"%s\"", ifname); sprintf(arg6,"address=%s", addrPlain); i=_spawnl(_P_DETACH,netshPath,netshPath,arg1,arg2,arg3,arg4,arg5,arg6,NULL); /// @todo: check status return LOWLEVEL_NO_ERROR; }
int ipaddr_del(const char * ifacename, int ifaceid, const char * addr, int prefixLength) { // netsh interface ipv6 add address interface=eth0 address=2000::123 validlifetime=120 preferredlifetime=60 char arg1[]="interface"; char arg2[]="ipv6"; char arg3[]="delete"; char arg4[]="address"; char arg5[256]; // interface=... char arg6[256]; // address=... intptr_t i; sprintf(arg5,"interface=\"%s\"", ifacename); sprintf(arg6,"address=%s", addr); i=_spawnl(_P_WAIT, netshPath, netshPath, arg1, arg2, arg3, arg4, arg5, arg6, NULL); return i; }
/* goodG2B1() - use goodsource and badsink by changing the globalReturnsTrue() to globalReturnsFalse() */ static void goodG2B1() { char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsFalse()) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ printLine("Benign, fixed string"); } else { /* FIX: Append a fixed string to data (not user / external input) */ strcat(data, "*.*"); } /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
static void restart_revolution(void) { #if defined(TARGET_PLATFORM_WINDOWS) _spawnl(_P_NOWAIT, s_command_path, s_command_path, NULL); #elif defined(TARGET_PLATFORM_MACOS_X) if (fork() == 0) { usleep(250000); execl(MCcmd, MCcmd, NULL); } #elif defined(TARGET_PLATFORM_LINUX) if (fork() == 0) { usleep(250000); execl(MCcmd, MCcmd, NULL); } #else #error restart not defined #endif }
int doForkExec( char *prog, char *arg1 ) { int pid, i; i = checkFilePerms( prog ); if ( i ) { return( i ); } i = checkFilePerms( arg1 ); if ( i ) { return( i ); } #ifndef windows_platform pid = fork(); if ( pid == -1 ) { return -1; } if ( pid ) { /* This is still the parent. */ } else { /* child */ for ( i = 0; i < 100; i++ ) { close( i ); } i = execl( prog, prog, arg1, ( char * ) 0 ); printf( "execl failed %d\n", i ); return( 0 ); } #else /* windows platform */ if ( _spawnl( _P_NOWAIT, prog, prog, arg1 ) == -1 ) { return -1; } #endif return( 0 ); }
extern int ipaddr_add(const char * ifacename, int ifaceid, const char * addr, unsigned long pref, unsigned long valid, int prefixLen) { // netsh interface ipv6 add address interface="eth0" address=2000::123 validlifetime=120 preferredlifetime=60 char arg1[]="interface"; char arg2[]="ipv6"; char arg3[]="add"; char arg4[]="address"; char arg5[256]; // interface=... char arg6[256]; // address=... char arg7[256]; // valid char arg8[256]; // pref intptr_t i; sprintf(arg5,"interface=\"%s\"", ifacename); sprintf(arg6,"address=%s", addr); sprintf(arg7,"validlifetime=%u", valid); sprintf(arg8,"preferredlifetime=%u", pref); // use _P_DETACH to speed things up, (but the tentative detection will surely fail) i=_spawnl(_P_WAIT, netshPath, netshPath, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, NULL); return i; }
int prefix_del(const char* ifname, int ifindex, const char* prefixPlain, int prefixLength) { // netsh interface ipv6 del route 2000::/64 "eth1" char arg1[]="interface"; char arg2[]="ipv6"; char arg3[]="delete"; char arg4[]="route"; char arg5[256]; // prefix char arg6[256]; // interface=... intptr_t i; sprintf(arg5, "%s/%d", prefixPlain, prefixLength); sprintf(arg6,"interface=\"%s\"", ifname); i=_spawnl(_P_WAIT,netshPath,netshPath,arg1,arg2,arg3,arg4,arg5,arg6, NULL); if (i==-1) { /// @todo: some better error support return -1; } return LOWLEVEL_NO_ERROR; }
void CWE78_OS_Command_Injection__char_file_w32spawnl_15_bad() { char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) { case 6: { /* Read input from a file */ size_t dataLen = strlen(data); FILE * pFile; /* if there is room in data, attempt to read the input from a file */ if (100-dataLen > 1) { pFile = fopen(FILENAME, "r"); if (pFile != NULL) { /* POTENTIAL FLAW: Read data from a file */ if (fgets(data+dataLen, (int)(100-dataLen), pFile) == NULL) { printLine("fgets() failed"); /* Restore NUL terminator if fgets fails */ data[dataLen] = '\0'; } fclose(pFile); } } } break; default: /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ printLine("Benign, fixed string"); break; } /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
extern int dns_add(const char* ifname, int ifaceid, const char* addrPlain) { // netsh interface ipv6 add dns "eth0" address=2000::123 char arg1[]="interface"; char arg2[]="ipv6"; char arg3[]="add"; char arg4[]="dns"; char arg5[256]; // interface=... char arg6[256]; // address=... intptr_t i; sprintf(arg5,"\"%s\"", ifname); sprintf(arg6,"address=%s", addrPlain); i=_spawnl(_P_WAIT,netshPath,netshPath,arg1,arg2,arg3,arg4,arg5,arg6,NULL); if (i == 0) { return LOWLEVEL_NO_ERROR; } else { sprintf(Message, "%s %s %s %s %s %s %s returned non-zero returncode %d", netshPath, arg1, arg2, arg3, arg4, arg5, arg6, i); return LOWLEVEL_ERROR_UNSPEC; } }
static void *child_proc(void *vp) { int rc; /* child here, exec the back end js process */ //close(pipe_in[0]); //close(pipe_out[1]); sprintf(arg1, "%d", pipe_out[0]); sprintf(arg2, "%d", pipe_in[1]); debugPrint(5, "spawning '%s' %s %s", progname, arg1, arg2); rc = _spawnl(_P_WAIT, progname, "edbrowse", "--mode", "js", arg1, arg2, 0); if (rc) { debugPrint(5, "spawning FAILED! %d\n", errno); /* oops, process did not exec */ /* write a message from this child, saying js would not exec */ head.magic = EJ_MAGIC; head.highstat = EJ_HIGH_PROC_FAIL; head.lowstat = EJ_LOW_EXEC; write(pipe_in[1], &head, sizeof(head)); //exit(90); } return (void *)90; }
void CWE78_OS_Command_Injection__char_environment_w32spawnl_04_bad() { char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) { { /* Append input from an environment variable to data */ size_t dataLen = strlen(data); char * environment = GETENV(ENV_VARIABLE); /* If there is data in the environment variable */ if (environment != NULL) { /* POTENTIAL FLAW: Read data from an environment variable */ strncat(data+dataLen, environment, 100-dataLen-1); } } } /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
void CWE78_OS_Command_Injection__char_console_w32spawnl_05_bad() { char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) { { /* Read input from the console */ size_t dataLen = strlen(data); /* if there is room in data, read into it from the console */ if (100-dataLen > 1) { /* POTENTIAL FLAW: Read data from the console */ if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) { /* The next few lines remove the carriage return from the string that is * inserted by fgets() */ dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') { data[dataLen-1] = '\0'; } } else { printLine("fgets() failed"); /* Restore NUL terminator if fgets fails */ data[dataLen] = '\0'; } } } } /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); }
static void run_program(QString program, QString arg1, QString arg2, QString arg3, QString arg4, bool wait_until_finished){ #if defined(FOR_WINDOWS) char *p = strdup(program.toAscii()); char *a1 = strdup(arg1.toAscii()); char *a2 = strdup(arg2.toAscii()); char *a3 = strdup(arg3.toAscii()); char *a4 = strdup(arg4.toAscii()); if(_spawnl(wait_until_finished ? _P_WAIT : _P_DETACH, p, p, a1, a2, a3, a4, NULL)==-1){ fprintf(stderr,"Couldn't launch crashreporter: \"%s\" \"%s\"\n",p,a1); SYSTEM_show_message(strdup(talloc_format("Couldn't launch crashreporter: \"%s\" \"%s\"\n",p,a1))); Sleep(3000); } #elif defined(FOR_LINUX) || defined(FOR_MACOSX) //if(system(QString(QCoreApplication::applicationDirPath() + "/crashreporter " + key + " " + QString::number(getpid()) + "&").toAscii())==-1) { // how to fix utf-8 here ? QString a = "LD_LIBRARY_PATH=" + QString(getenv("LD_LIBRARY_PATH")); QString full_command = a + " " + program + " " + arg1 + " " + arg2 + " " + arg3 + " " + arg4; if (wait_until_finished==false) full_command += "&"; fprintf(stderr, "Executing -%s-\n",full_command.toUtf8().constData()); if(system(strdup(full_command.toUtf8().constData()))==-1) { SYSTEM_show_message(strdup(talloc_format("Couldn't start crashreporter. command: -%s-\n",full_command.toUtf8().constData()))); } #else #error "unknown system" #endif }
int run( int no, const char *bin ) { #ifdef _WIN32 intptr_t ret; char test[ 5 ]; # ifdef WIN32_VS sprintf_s( test, 5, "%u", no ); # else sprintf( test, "%u", no ); # endif printf( "(%u) ", no ); if( verbose && keep_running ) ret = _spawnl( _P_WAIT, bin, bin, STR_RUN_TEST, test, STR_KEEP_RUNNING, STR_VERBOSE, NULL ); else if( verbose ) ret = _spawnl( _P_WAIT, bin, bin, STR_RUN_TEST, test, STR_VERBOSE, NULL ); else if( keep_running ) ret = _spawnl( _P_WAIT, bin, bin, STR_RUN_TEST, test, STR_KEEP_RUNNING, NULL ); else ret = _spawnl( _P_WAIT, bin, bin, STR_RUN_TEST, test, NULL ); if( ret == EXIT_SUCCESS ) return 0; else return EXIT_FAILURE; #else /* ifdef _WIN32 */ pid_t pid; int res = 0; char test[ 5 ]; sprintf( test, "%u", no ); printf( "(%u) ", no ); fflush( stdout ); pid = fork(); if( pid == -1 ) // failed { printf( "Error forking test: %s\n", strerror( errno ) ); exit( 1 ); } else if( pid == 0 ) // child process { // launch process if( verbose && keep_running ) { if( execlp( bin, bin, STR_RUN_TEST, test, STR_VERBOSE, STR_KEEP_RUNNING, NULL ) < 0 ) { printf( "Error running test: %s\n", strerror( errno ) ); return EXIT_FAILURE; } } else if( verbose ) { if( execlp( bin, bin, STR_RUN_TEST, test, STR_VERBOSE, NULL ) < 0 ) { printf( "Error running test: %s\n", strerror( errno ) ); return EXIT_FAILURE; } } else if( keep_running ) { if( execlp( bin, bin, STR_RUN_TEST, test, STR_KEEP_RUNNING, NULL ) < 0 ) { printf( "Error running test: %s\n", strerror( errno ) ); return EXIT_FAILURE; } } else { if( execlp( bin, bin, STR_RUN_TEST, test, NULL ) < 0 ) { printf( "Error running test: %s\n", strerror( errno ) ); return EXIT_FAILURE; } } exit( 0 ); } else { if( wait( &res ) == pid ) { if( WEXITSTATUS( res ) == EXIT_SUCCESS ) return 0; else return EXIT_FAILURE; } } return 0; #endif /* ifdef _WIN32 */ } /* run */
void bad() { char * data; char * &dataRef = data; char dataBuffer[100] = ""; data = dataBuffer; { #ifdef _WIN32 WSADATA wsaData; int wsaDataInit = 0; #endif int recvResult; struct sockaddr_in service; char *replace; SOCKET listenSocket = INVALID_SOCKET; SOCKET acceptSocket = INVALID_SOCKET; size_t dataLen = strlen(data); do { #ifdef _WIN32 if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR) { break; } wsaDataInit = 1; #endif /* POTENTIAL FLAW: Read data using a listen socket */ listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (listenSocket == INVALID_SOCKET) { break; } memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) { break; } if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR) { break; } acceptSocket = accept(listenSocket, NULL, NULL); if (acceptSocket == SOCKET_ERROR) { break; } /* Abort on error or the connection was closed */ recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) { break; } /* Append null terminator */ data[dataLen + recvResult / sizeof(char)] = '\0'; /* Eliminate CRLF */ replace = strchr(data, '\r'); if (replace) { *replace = '\0'; } replace = strchr(data, '\n'); if (replace) { *replace = '\0'; } } while (0); if (listenSocket != INVALID_SOCKET) { CLOSE_SOCKET(listenSocket); } if (acceptSocket != INVALID_SOCKET) { CLOSE_SOCKET(acceptSocket); } #ifdef _WIN32 if (wsaDataInit) { WSACleanup(); } #endif } { char * data = dataRef; /* spawnl - specify the path where the command is located */ /* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */ _spawnl(_P_WAIT, COMMAND_INT_PATH, COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL); } }