extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-18 23:57:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Don't emit dangerous %ENV entries to the generated script

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-09-10 08:18:46 -07:00
parent a3f6b9292e
commit 8ce60ce825
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall/Perl/Shorewall/Config.pm
View File

@ -3373,13 +3373,22 @@ sub export_params() {
# #
# Don't export pairs from %ENV # Don't export pairs from %ENV
# #
if ( exists $ENV{$param} && defined $ENV{$param} ) { if ( exists $ENV{$param} ) {
next unless defined $ENV{$param};
next if $value eq $ENV{$param}; next if $value eq $ENV{$param};
#
# Don't export anything from %ENV that contains quotes.
# We don't know that $SHOREWALL_SHELL was used to
# process the params file (may even be processed on a
# different system) so we don't know $SHOREWALL_SHELL's
# convention for escaping quotes
#
next if $value =~ /[\n'"]/;
} }
emit "#\n# From the params file\n#" unless $count++; emit "#\n# From the params file\n#" unless $count++;
if ( $value =~ /[\s()[]/ ) { if ( $value =~ /[\s()[`]/ ) {
emit "$param='$value'"; emit "$param='$value'";
} else { } else {
emit "$param=$value"; emit "$param=$value";