Author: dteske
Date: Mon May 28 23:34:23 2018
New Revision: 334303
URL: https://svnweb.freebsd.org/changeset/base/334303
Log:
sysrc(8): Test variable names for invalid characters
PR: bin/187461
Reported by: e...@looksharp.net
MFC after: 4 weeks
X-MFC-to: stable/11 (after 11.2-R)
Sponsored by: Smule, Inc.
Modified:
head/usr.sbin/sysrc/sysrc
Modified: head/usr.sbin/sysrc/sysrc
==============================================================================
--- head/usr.sbin/sysrc/sysrc Mon May 28 23:20:08 2018 (r334302)
+++ head/usr.sbin/sysrc/sysrc Mon May 28 23:34:23 2018 (r334303)
@@ -370,6 +370,18 @@ if [ "$LIST_SERVICE_CONFS" ]; then
fi
#
+# Validate arguments
+#
+for name in "$@"; do
+ # NB: shell expansion syntax removed first
+ name="${name%%:[+=-]*}"
+ name="${name%%[%#+=-]*}"
+ [ "$name" = "${name#*[!$VALID_VARNAME_CHARS]}" ] || die \
+ "%s: %s: name contains characters not allowed in shell" \
+ "$pgm" "$name"
+done
+
+#
# Process `-s name' argument
#
if [ "$SERVICE" -a ! "${RC_CONFS+set}" ]; then
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
