1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
11 #include "os_regex/os_regex.h"
// File-scope tables holding the parsed active-response entries. The code in
// this listing indexes the three arrays with the same index, so row k of each
// array describes one entry: its name, its command path and its timeout.
// Valid row indices are 0 .. MAX_AR; each string row holds OS_FLSIZE
// characters plus the terminating '\0'.
14 static char exec_names[MAX_AR + 1][OS_FLSIZE + 1];
15 static char exec_cmd[MAX_AR + 1][OS_FLSIZE + 1];
16 static int exec_timeout[MAX_AR + 1];
// Row currently being filled by the reader; also the upper bound used by the
// duplicate check and by the name lookup.
17 static int exec_size = 0;
// NOTE(review): no use of f_time_reading is visible in this excerpt.
18 static int f_time_reading = 1;
21 /* Read the shared exec config
22 * Returns 1 on success or 0 on failure
23 * Format of the file is 'name - command - timeout'
// NOTE(review): this listing is an excerpt. The number at the start of each
// line is the original source line and the sequence has gaps, so the function
// signature, braces, branch conditions and some statements are not shown.
27 int i = 0, j = 0, dup_entry = 0;
// Line buffer for the fgets call below; one byte larger than the limit passed.
30 char buffer[OS_MAXSTR + 1];
// Clear rows 0 .. exec_size + 1 of the name and command tables.
// NOTE(review): both tables have MAX_AR + 1 rows, so this stays in bounds only
// while exec_size + 1 <= MAX_AR. No cap on exec_size is visible here - confirm
// that the full file stops accepting entries before the tables are full.
33 for (i = 0; i <= exec_size + 1; i++) {
34 memset(exec_names[i], '\0', OS_FLSIZE + 1);
35 memset(exec_cmd[i], '\0', OS_FLSIZE + 1);
// Open the shared active-response config read-only. The merror call below
// logs errno and its text; presumably it sits in the fopen-failure branch.
41 fp = fopen(DEFAULTARPATH, "r");
43 merror(FOPEN_ERROR, ARGV0, DEFAULTARPATH, errno, strerror(errno));
// One config line per iteration; fgets stores at most OS_MAXSTR - 1 characters.
48 while (fgets(buffer, OS_MAXSTR, fp) != NULL) {
54 /* Clean up the buffer */
// First " - " separator: marks the end of the name field. The merror below
// presumably reports a line that has no separator.
55 tmp_str = strstr(buffer, " - ");
57 merror(EXEC_INV_CONF, ARGV0, DEFAULTARPATH);
// Bounded copy of the name: at most OS_FLSIZE bytes are written and the last
// byte of the row is then set to '\0', so the row is always terminated.
64 strncpy(exec_names[exec_size], str_pt, OS_FLSIZE);
65 exec_names[exec_size][OS_FLSIZE] = '\0';
69 /* Search for ' ' and - */
// Second " - " separator: marks the end of the command field.
70 tmp_str = strstr(tmp_str, " - ");
72 merror(EXEC_INV_CONF, ARGV0, DEFAULTARPATH);
78 // Directory traversal test
// The command field is refused when w_ref_parent_folder() returns non-zero.
// That helper is defined elsewhere; judging by its name and the log message it
// detects references to a parent folder - confirm what it matches. A refused
// entry gets an empty command string instead of a path.
80 if (w_ref_parent_folder(str_pt)) {
81 merror("Active response command '%s' vulnerable to directory transversal attack. Ignoring.", str_pt);
82 exec_cmd[exec_size][0] = '\0';
84 /* Write the full command path */
// Bounded formatting into the command row (limit OS_FLSIZE, row size
// OS_FLSIZE + 1). The return value is discarded, so a truncated path would not
// be noticed here. NOTE(review): the format string and its arguments are on
// lines that are not shown.
85 snprintf(exec_cmd[exec_size], OS_FLSIZE,
// Presence probe: the script is opened for reading only to learn whether it
// exists. NOTE(review): this checks the file at load time, not at execution
// time; what protects the script between the two is the ownership and
// permissions of the directory it lives in.
89 process_file = fopen(exec_cmd[exec_size], "r");
// Presumably the probe-failure branch: the missing command is logged and the
// row's command is emptied so it is not used on this system.
92 verbose("%s: INFO: Active response command not present: '%s'. "
93 "Not using it on this system.",
94 ARGV0, exec_cmd[exec_size]);
97 exec_cmd[exec_size][0] = '\0';
// Find the end of the line; what is done with the result is not shown.
104 tmp_str = strchr(tmp_str, '\n');
109 /* Get the exec timeout */
// atoi reports no conversion error: text that is not a number yields 0 and a
// value outside the range of int is undefined behaviour.
// NOTE(review): strtol with endptr and errno checks would allow malformed or
// negative timeouts to be rejected instead of silently accepted.
110 exec_timeout[exec_size] = atoi(str_pt);
112 /* Check if name is duplicated */
// Compare the new name with every earlier row. If the earlier row with the
// same name has an empty command, the new command is copied into it (bounded,
// then explicitly terminated).
114 for (j = 0; j < exec_size; j++) {
115 if (strcmp(exec_names[j], exec_names[exec_size]) == 0) {
116 if (exec_cmd[j][0] == '\0') {
117 strncpy(exec_cmd[j], exec_cmd[exec_size], OS_FLSIZE);
118 exec_cmd[j][OS_FLSIZE] = '\0';
// Case where the new row itself has no command; its body is not shown.
121 } else if (exec_cmd[exec_size][0] == '\0') {
// Reset the current row (command, name and timeout). Presumably this runs when
// the entry was found to be a duplicate - the condition is not shown.
128 exec_cmd[exec_size][0] = '\0';
129 exec_names[exec_size][0] = '\0';
130 exec_timeout[exec_size] = 0;
142 /* Returns a pointer to the command name (full path)
143 * Returns NULL if name cannot be found
144 * If timeout is not NULL, write the timeout for that
// The returned pointer refers to a row of the file-static exec_cmd table, so
// the caller must not free or resize it.
// NOTE(review): rows whose command was emptied while the config was read may
// still match by name; callers should treat an empty string as "no command" -
// confirm against the full reader.
147 char *GetCommandbyName(const char *name, int *timeout)
// Linear search over the rows filled so far. name is passed to strcmp as
// given, so it must not be NULL.
151 for (; i < exec_size; i++) {
152 if (strcmp(name, exec_names[i]) == 0) {
// NOTE(review): the header comment says the timeout is written only when the
// pointer is not NULL, but this store directly follows the strcmp on the
// previous source line with no check. Either callers must always pass a valid
// pointer or the store needs an "if (timeout)" guard.
153 *timeout = exec_timeout[i];
154 return (exec_cmd[i]);
163 /* Execute command given. Must be a argv** NULL terminated.
164 * Prints error to log message in case of problems
// cmd[0] is used both as the path of the program and as its argv[0].
166 void ExecCmd(char *const *cmd)
170 /* Fork and leave it running */
// execv takes the path exactly as given (no PATH search) and hands the vector
// to the new program unchanged; no shell is involved, so the arguments are not
// parsed again. execv only returns on failure, which is logged with the errno
// text.
// NOTE(review): the fork call and the code after the failed execv are on lines
// that are not shown. The child should terminate after logging so that it does
// not go on executing the parent's code - confirm in the full file.
173 if (execv(*cmd, cmd) < 0) {
174 merror(EXEC_CMDERROR, ARGV0, *cmd, strerror(errno));
// Windows variant: runs cmd as a new process and blocks until it has exited.
// cmd is a single command-line string, not an argument vector.
186 void ExecCmd_Win32(char *cmd)
// NOTE(review): the declaration of si is on a line that is not shown.
189 PROCESS_INFORMATION pi;
191 ZeroMemory( &si, sizeof(si) );
193 ZeroMemory( &pi, sizeof(pi) );
// The application name is NULL, so CreateProcess takes the program from the
// first whitespace-delimited token of cmd. A program path that contains spaces
// therefore has to be quoted inside cmd; unquoted, Windows tries successive
// space-separated prefixes of the path as the executable.
// NOTE(review): confirm that every caller quotes the program path.
// Handles are not inherited (FALSE); environment and current directory are
// inherited from this process (both NULL).
195 if (!CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL,
// NOTE(review): the message does not include GetLastError(), so the reason for
// the failure is not recorded.
197 merror("%s: ERROR: Unable to create active response process. ", ARGV0);
201 /* Wait until process exits */
// INFINITE means there is no upper bound on the wait: a response script that
// hangs keeps the calling thread blocked for as long as it runs.
202 WaitForSingleObject(pi.hProcess, INFINITE );
204 /* Close process and thread */
205 CloseHandle( pi.hProcess );
206 CloseHandle( pi.hThread );