diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2020-08-05 09:07:00 +0200 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2020-08-07 11:05:16 +0200 |
| commit | 4a6795409d1520fd3da3e909a8bcf9d7fd0927bb (patch) | |
| tree | a13685a1c4d6e2e18aa1c2742963d147c2b21dc4 /package/base-files | |
| parent | 0c109df7f02723b3cc59700ef15c1d19e0bcd0f0 (diff) | |
| download | upstream-4a6795409d1520fd3da3e909a8bcf9d7fd0927bb.tar.gz upstream-4a6795409d1520fd3da3e909a8bcf9d7fd0927bb.tar.bz2 upstream-4a6795409d1520fd3da3e909a8bcf9d7fd0927bb.zip | |
base-files: functions.sh: fix config_get() on invalid identifiers
When passing a section or option value to config_get() which contains
characters that happen to be valid variable interpolation expressions,
the function returns a nonsensical expression result instead of the
expected empty string.
When the passed section or option name contains other characters which
are not valid within a shell variable name, a substitution error is
occuring instead.
The issue can be easily reproduced by one of the following examples:
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable invalid-section option
root@OpenWrt:~# echo "$variable"
section_option:-
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable section invalid-option
root@OpenWrt:~# echo "$variable"
option:-
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable section invalid@option
-ash: eval: syntax error: bad substitution
Fix this issue by only performing interpolations when the given section
and option arguments are free of illegal characters.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'package/base-files')
| -rw-r--r-- | package/base-files/Makefile | 2 | ||||
| -rwxr-xr-x | package/base-files/files/lib/functions.sh | 11 |
2 files changed, 9 insertions, 4 deletions
diff --git a/package/base-files/Makefile b/package/base-files/Makefile index 7e0d341705..c3d2aac2bb 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk include $(INCLUDE_DIR)/feeds.mk PKG_NAME:=base-files -PKG_RELEASE:=225 +PKG_RELEASE:=226 PKG_FLAGS:=nonshared PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ diff --git a/package/base-files/files/lib/functions.sh b/package/base-files/files/lib/functions.sh index 323e057451..7da0c872fa 100755 --- a/package/base-files/files/lib/functions.sh +++ b/package/base-files/files/lib/functions.sh @@ -107,9 +107,14 @@ config_unset() { # config_get <variable> <section> <option> [<default>] # config_get <section> <option> config_get() { - case "$3" in - "") eval echo "\"\${CONFIG_${1}_${2}:-\${4}}\"";; - *) eval export ${NO_EXPORT:+-n} -- "${1}=\${CONFIG_${2}_${3}:-\${4}}";; + case "$2${3:-$1}" in + *[^A-Za-z0-9_]*) : ;; + *) + case "$3" in + "") eval echo "\"\${CONFIG_${1}_${2}:-\${4}}\"";; + *) eval export ${NO_EXPORT:+-n} -- "${1}=\${CONFIG_${2}_${3}:-\${4}}";; + esac + ;; esac } |