
exec: add parameter to control the option for bash exec safety check of CVE-2014-6271

- parameter: bash_safety - default is 1 (enabled), set to 0 to disable
- just in case someone needs that kind of header and knows what
  he/she is doing
Daniel-Constantin Mierla 11 年之前
当前提交
21eb073c25
共有 2 个文件被更改,包括 6 次插入2 次删除
  1. 4 2
      modules/exec/exec_hf.c
  2. 2 0
      modules/exec/exec_mod.c

+ 4 - 2
modules/exec/exec_hf.c

@@ -52,6 +52,8 @@
 #include "../../char_msg_val.h"
 #include "exec_hf.h"
 
+extern int exec_bash_safety;
+
 /* should be environment variables set by header fields ? */
 unsigned int setvars=1;
 
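Review bot: The `extern int exec_bash_safety;` declaration is written directly in exec_hf.c, so the compiler never sees it together with the definition in exec_mod.c, and a later type change on one side would go unnoticed. Declaring it once in a header that both files include keeps the two in step. exec_hf.h is already included a line above, though whether exec_mod.c includes it is not visible here.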
@@ -256,7 +258,7 @@ static int print_hf_var(struct hf_wrapper *w, int offset)
 	memcpy(envvar, w->prefix, w->prefix_len); c=envvar+w->prefix_len;
 	memcpy(c, hname, hlen ); c+=hlen;
 	*c=EV_ASSIGN;c++;
-	if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
+	if (exec_bash_safety && !strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
 		memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 );
 		c+=(w->u.hf->body.len-2);
 	} else {
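Review bot: The guard on the added line still compares only `MIN(body.len,4)` bytes, so a header body shorter than four bytes that is a prefix of `() {` takes the stripping branch; this includes an empty body, because `strncmp` with length 0 returns 0. The `memcpy` that follows uses `w->u.hf->body.len-2`, which for a length of 0 or 1 is negative and becomes a very large size once converted to `size_t`. Requiring the full marker closes this: `if (exec_bash_safety && w->u.hf->body.len>=4 && !strncmp(w->u.hf->body.s,"() {",4)) {`. The same condition is repeated inside the loop in the next hunk and needs the same change. print_hf_var starts and ends outside this hunk, so how `envvar` is sized is not visible here.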
@@ -265,7 +267,7 @@ static int print_hf_var(struct hf_wrapper *w, int offset)
 	}
 	for (wi=w->next_same; wi; wi=wi->next_same) {
 		*c=HF_SEPARATOR;c++;
-		if (!strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
+		if (exec_bash_safety && !strncmp(w->u.hf->body.s,"() {",MIN(w->u.hf->body.len,4))) {
 			memcpy(c, w->u.hf->body.s+offset+2, w->u.hf->body.len-2 );
 			c+=(w->u.hf->body.len-2);
 		} else {
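Review bot: Inside the `for (wi=w->next_same; ...)` loop, the check and both copy lines read `w->u.hf->body`, the first header instance, rather than `wi->u.hf->body`, the one being appended. The decision to strip is therefore made from the first header's value on every iteration, so a later same-named header whose value starts with `() {` is never examined on its own. Whether it reaches the environment unchanged depends on the `else` branch, which lies outside this hunk. The condition should test the current element, `if (exec_bash_safety && !strncmp(wi->u.hf->body.s,"() {",MIN(wi->u.hf->body.len,4))) {`, with the two lines after it switched to `wi` as well.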

+ 2 - 0
modules/exec/exec_mod.c

@@ -44,6 +44,7 @@
 MODULE_VERSION
 
 unsigned int time_to_kill=0;
+int exec_bash_safety=1;
 
 static int mod_init( void );
 
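Review bot: `exec_bash_safety` is defined without a comment, and nothing in the hunks shown tells an operator what setting `bash_safety` to 0 turns off. A comment above the definition would carry that, for example `/* 1 (default): drop the leading "()" from header values that start with "() {" before they are placed in the environment (CVE-2014-6271); 0: the check is skipped */`. The same sentence belongs in the module's parameter documentation for the `bash_safety` entry added to `params[]` in the following hunk. A warning logged from `mod_init` when the value is 0 would make a disabled check visible in the logs.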
@@ -77,6 +78,7 @@ static cmd_export_t cmds[] = {
 static param_export_t params[] = {
 	{"time_to_kill", INT_PARAM, &time_to_kill},
 	{"setvars",      INT_PARAM, &setvars     },
+	{"bash_safety",  INT_PARAM, &exec_bash_safety     },
 	{0, 0, 0}
 };