search

ad-oliviero / uwufetch

A meme system info tool for Linux, based on nyan/uwu trend on r/linuxmasterrace.
GNU General Public License v3.0
751 stars 49 forks source link

[BUG] Arbitrary code execution via code injection #249

Open antecrescent opened 9 months ago

antecrescent commented 9 months ago

Describe the bug https://github.com/TheDarkBug/uwufetch/blob/454b153a2cd09a09ed1ebf4eb2697c386c960381/uwufetch.c#L203-L205 Line 203 and 205 allow for arbitrary code execution via code injection.

To Reproduce

make
./uwufetch -i "; clear; echo foo"
sh: line 1: viu: command not found
foo
[uwufetch output]
▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇

Expected behavior Reject or exit because of unsafe user input.

Desktop (please complete the following information):

Proposed solution Call viu directly and handle its exit code instead of relying on sprintf + shell script.

Are you already working on this bug? No.

ad-oliviero commented 9 months ago

I am rewriting the "rendering" function. I'll keep this in mind.