authorDaniel Golle <daniel@makrotopia.org>2018-02-12 23:36:54 +0100
committerDaniel Golle <daniel@makrotopia.org>2018-02-13 00:01:44 +0100
commit267873ac9b9e5565f1f1550c931c413f5b5dda9d (patch)
treec0106de9dcadc57b5386b1e732d14866057343ab /package/base-files
parent49d3c5f057768cfc6e0545267256c64baf19a4e2 (diff)
base-files: don't evaluate block-device uevent
The current code, and also the code before commit da52dd0c83, was vulnerable to shell injection using volume labels in the GPT partition table of block devices. Given that partition names can be freely defined in GPT tables, we really shouldn't evaluate a string which is potentially crafted with evil intentions. Hence rather use `export -n` to absorb the uevent's variables into the environment. Fixes commit da52dd0c83 (base-files: quote values when evaluating uevent) Signed-off-by: Daniel Golle <daniel@makrotopia.org> [mschiffer@universe-factory.net: suggested export -n usage]
Diffstat (limited to 'package/base-files')
-rw-r--r--package/base-files/files/lib/upgrade/common.sh12
1 files changed, 8 insertions, 4 deletions
diff --git a/package/base-files/files/lib/upgrade/common.sh b/package/base-files/files/lib/upgrade/common.sh
index 616131c89c..5f5c9dc8a3 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -101,7 +101,7 @@ get_magic_long() {
}
export_bootdevice() {
- local cmdline uuid disk uevent
+ local cmdline uuid disk uevent line
local MAJOR MINOR DEVNAME DEVTYPE
if read cmdline < /proc/cmdline; then
@@ -134,7 +134,9 @@ export_bootdevice() {
esac
if [ -e "$uevent" ]; then
- eval "$(sed "s/=\(.*\)/=\'\1\'/" < "$uevent")"
+ while read line; do
+ export -n "$line"
+ done < "$uevent"
export BOOTDEV_MAJOR=$MAJOR
export BOOTDEV_MINOR=$MINOR
return 0
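Review bot: The added `while read line` loop reads without `-r` and with the default IFS, so a uevent value containing backslashes or leading/trailing whitespace is altered before `export -n` assigns it, and any key present in the file but absent from the `local` list (the kernel's block uevent can carry more than MAJOR/MINOR/DEVNAME/DEVTYPE, e.g. a partition-name key, which is exactly the attacker-influenced value here) is assigned as a global that outlives the function. Since the purpose of the change is to take the kernel's values verbatim without interpreting them, read each line with `while IFS= read -r line; do` and only hand lines that look like a plain assignment to the builtin, e.g. `case "$line" in [A-Z_]*=*) export -n "$line" ;; esac`. Relying on `export -n NAME=value` to both assign and un-export is bash/busybox-ash behaviour rather than a POSIX guarantee, so a one-line comment above the loop stating that the assignment form is intentional would help the next reader. The identical loop is repeated in export_partdevice (the hunk at `@@ -146,10 +148,12 @@`); a small helper taking the uevent path would let both call sites share the same check.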
@@ -146,10 +148,12 @@ export_bootdevice() {
export_partdevice() {
local var="$1" offset="$2"
- local uevent MAJOR MINOR DEVNAME DEVTYPE
+ local uevent line MAJOR MINOR DEVNAME DEVTYPE
for uevent in /sys/class/block/*/uevent; do
- eval "$(sed "s/=\(.*\)/=\'\1\'/" < "$uevent")"
+ while read line; do
+ export -n "$line"
+ done < "$uevent"
if [ $BOOTDEV_MAJOR = $MAJOR -a $(($BOOTDEV_MINOR + $offset)) = $MINOR -a -b "/dev/$DEVNAME" ]; then
export "$var=$DEVNAME"
return 0