Skip to content

Fix/command injection interface #117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Napsty merged 4 commits into from
Apr 24, 2026
Merged

Fix/command injection interface #117

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8b3b678
Fix command injection vulnerability
Napsty Apr 22, 2026
64f714b
Fix command injection vulnerability
Napsty Apr 24, 2026
5d310b1
Fix command injection vulnerability
Napsty Apr 24, 2026
897ecc5
Fix command injection vulnerability
Napsty Apr 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 12 additions & 7 deletions check_smart.pl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,13 +67,14 @@
# Dec 15, 2025: Florian Sager - Fix evaluating ATA Error Count: 0 as a warning (6.17.0)
# Dec 15, 2025: Philippe Beaumont - Add areca devices (6.17.0)
# Apr 21, 2026: Claudio Kuenzler - Fix sys path for sudo command. Detect NVME input/output error (6.18.0)
# Apr 24, 2026: Claudio Kuenzler - Fix command injection vulnerability in interface parameter (6.18.1)

use strict;
use Getopt::Long;
use File::Basename qw(basename);

my $basename = basename($0);
my $revision = '6.18.0';
my $revision = '6.18.1';

# Standard Nagios return codes
my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
Expand Down Expand Up @@ -157,12 +158,13 @@
}

foreach my $opt_dl (@dev){
warn "Found $opt_dl\n" if $opt_debug;
if (-b $opt_dl || -c $opt_dl || $opt_dl =~ m/^\/dev\/bus\/\d$/) {
warn "(debug) Found $opt_dl\n" if $opt_debug;
if (-l $opt_dl) {
warn "(debug) $opt_dl is a symlink, skipping for security reasons\n" if $opt_debug;
} elsif (-b $opt_dl || -c $opt_dl || $opt_dl =~ m/^\/dev\/bus\/\d$/) {
$device .= $opt_dl."|";

} else {
warn "$opt_dl is not a valid block/character special device!\n\n" if $opt_debug;
warn "(debug) $opt_dl is not a valid block/character special device!\n\n" if $opt_debug;
}
}

Expand All @@ -174,8 +176,11 @@

# Allow all device types currently supported by smartctl
# See http://www.smartmontools.org/wiki/Supported_RAID-Controllers

if ($opt_i =~ m/^(ata|scsi|3ware|areca|hpt|aacraid|cciss|megaraid|sat|auto|nvme|usbjmicron)/) {
# Validate interface parameter strictly to prevent command injection
# Simple interfaces must match exactly; RAID interfaces allow device specifiers (see --help)
if ($opt_i =~ m/^(ata|scsi|sat|auto|nvme)$/ ||
$opt_i =~ m/^(3ware|areca|aacraid|cciss|megaraid|usbjmicron),(\d+|\[\d+-\d+\])$/ ||
$opt_i =~ m/^hpt,\d+\/\d+\/\d+$/) {
$interface = $opt_i;
if($interface =~ m/megaraid,\[(\d{1,2})-(\d{1,2})\]/) {
$interface = "";
Expand Down