From bad7e1428dcf4d662bc1fdb5b1ee7d42942321fb Mon Sep 17 00:00:00 2001
From: Th4nat0s
Date: Sun, 17 Jun 2012 14:29:17 +0200
Subject: [PATCH] f2b-iptable no os inject
---
 fail2ban-iptables | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/fail2ban-iptables b/fail2ban-iptables
index b5712ba7..c681f188 100755
--- a/fail2ban-iptables
+++ b/fail2ban-iptables
@@ -21,6 +21,15 @@ import sys, re, subprocess
+# Try to avoid any shell injections
+def noinject(str):
+ for banned_chr in "`&;|":
+ if banned_chr in str:
+ print "I don't like some chars in your iptables syntax"
+ sys.exit(2)
+ return True
+
+# Main procedure
 def main(argv):
 regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
 if regv4.search(argv):
@@ -45,4 +54,6 @@ def main(argv):
 # Main call, pass all variables
 if __name__ == "__main__":
- main(" ".join(sys.argv[1:]))
+ pline = " ".join(sys.argv[1:])
+ if noinject(pline):
+ main(pline)
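Review bot: The denylist in `noinject` rejects only four characters (backtick, `&`, `;` and `|`), so other shell metacharacters such as `$(`…`)` substitution, redirections and embedded newlines still pass the check. If `main` (whose body continues outside this hunk) hands the joined string to a shell, the durable fix is to pass an argument list to `subprocess` without `shell=True`. Failing that, an allowlist such as `if not re.match(r'[A-Za-z0-9 ._:/,-]*\Z', line): sys.exit(2)` rejects everything not explicitly needed, though the exact character set must be confirmed against the iptables rules this wrapper issues. The parameter name `str` also shadows the builtin, and the rejection message would be better written to stderr than printed to stdout.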
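Review bot: `noinject` never returns a false value, since it either returns `True` or calls `sys.exit(2)`, so the `if noinject(pline):` guard in the `__main__` block reads like a decision but is not one. Either have `noinject` return a boolean and let this block report the error and exit, or call it as a plain statement: `noinject(pline)` followed by `main(pline)`. Joining `sys.argv[1:]` into one string before validating also throws away the argument boundaries the OS already supplied. Keeping the list would let each argument be checked and passed on individually, though whether `main` can accept a list is not visible in this hunk.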