Date: Tue, 09 Jun 2026 16:04:29 +0000 From: Baptiste Daroussin <bapt@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: da3890fdccfa - main - nuageinit: use single-quote shell escaping for hostname in rc.conf.d Message-ID: <6a28398d.21843.2c5b50cd@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by bapt: URL: https://cgit.FreeBSD.org/src/commit/?id=da3890fdccfa7d540ea746182248299b81f95345 commit da3890fdccfa7d540ea746182248299b81f95345 Author: Baptiste Daroussin <bapt@FreeBSD.org> AuthorDate: 2026-06-09 14:04:18 +0000 Commit: Baptiste Daroussin <bapt@FreeBSD.org> CommitDate: 2026-06-09 16:04:24 +0000 nuageinit: use single-quote shell escaping for hostname in rc.conf.d The hostname value was written inside double quotes in /etc/rc.conf.d/hostname. POSIX shell performs command substitution inside double quotes, so a hostname containing $() or backticks would be executed when the file is sourced (e.g., by rc(8)). Switch to using the existing shell_escape() helper, which wraps values in single quotes. In POSIX shell, single-quoted strings are completely literal — no expansion or substitution of any kind is performed. While the hostname is already validated to contain only [a-zA-Z0-9.-], this change provides defense-in-depth so the output format is safe regardless of future validation changes. Reported by: Yazdan Soltani <yazdan.soltani@gmail.com> --- libexec/nuageinit/nuage.lua | 2 +- libexec/nuageinit/tests/nuage.sh | 2 +- libexec/nuageinit/tests/nuageinit.sh | 12 ++++++------ libexec/nuageinit/tests/sethostname.lua | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/libexec/nuageinit/nuage.lua b/libexec/nuageinit/nuage.lua index cbf92627918c..cbd842460e55 100644 --- a/libexec/nuageinit/nuage.lua +++ b/libexec/nuageinit/nuage.lua @@ -187,7 +187,7 @@ local function sethostname(hostname) warnmsg("Impossible to open " .. hostnamepath .. ":" .. err) return end - f:write('hostname="' .. hostname:gsub('"', '\\"') .. '"\n') + f:write("hostname=" .. shell_escape(hostname) .. "\n") f:close() end diff --git a/libexec/nuageinit/tests/nuage.sh b/libexec/nuageinit/tests/nuage.sh index 97c5224c7813..1e08c990eacd 100644 --- a/libexec/nuageinit/tests/nuage.sh +++ b/libexec/nuageinit/tests/nuage.sh @@ -33,7 +33,7 @@ sethostname_body() if [ ! -f etc/rc.conf.d/hostname ]; then atf_fail "hostname not written" fi - atf_check -o inline:"hostname=\"myhostname\"\n" cat etc/rc.conf.d/hostname + atf_check -o inline:"hostname='myhostname'\n" cat etc/rc.conf.d/hostname } addsshkey_body() diff --git a/libexec/nuageinit/tests/nuageinit.sh b/libexec/nuageinit/tests/nuageinit.sh index 798ac235e122..3f3e2843c35d 100644 --- a/libexec/nuageinit/tests/nuageinit.sh +++ b/libexec/nuageinit/tests/nuageinit.sh @@ -80,13 +80,13 @@ nocloud_body() atf_check -s exit:1 -e match:"nuageinit: error parsing nocloud.*" /usr/libexec/nuageinit "${PWD}"/media/nuageinit/ nocloud printf "instance-id: iid-local01\nlocal-hostname: cloudimg\n" > "${PWD}"/media/nuageinit/meta-data atf_check -s exit:0 /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud - atf_check -o inline:"hostname=\"cloudimg\"\n" cat etc/rc.conf.d/hostname + atf_check -o inline:"hostname='cloudimg'\n" cat etc/rc.conf.d/hostname cat > media/nuageinit/meta-data << EOF instance-id: iid-local01 hostname: myhost EOF atf_check -s exit:0 /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud - atf_check -o inline:"hostname=\"myhost\"\n" cat etc/rc.conf.d/hostname + atf_check -o inline:"hostname='myhost'\n" cat etc/rc.conf.d/hostname } nocloud_userdata_script_body() @@ -250,7 +250,7 @@ config2_body() } EOF atf_check /usr/libexec/nuageinit "${PWD}"/media/nuageinit config-2 - atf_check -o inline:"hostname=\"cloudimg\"\n" cat etc/rc.conf.d/hostname + atf_check -o inline:"hostname='cloudimg'\n" cat etc/rc.conf.d/hostname } config2_pubkeys_head() @@ -1307,7 +1307,7 @@ echo "multipart script executed" --==BOUNDARY==-- EOF atf_check -o empty /usr/libexec/nuageinit "${PWD}"/media/nuageinit config-2 - atf_check -o inline:"hostname=\"multipart-host\"\n" cat etc/rc.conf.d/hostname + atf_check -o inline:"hostname='multipart-host'\n" cat etc/rc.conf.d/hostname atf_check -o inline:"#!/bin/sh\necho \"multipart script executed\"\n" cat var/cache/nuageinit/multipart_script test -x var/cache/nuageinit/multipart_script || atf_fail "multipart_script not executable" true @@ -1376,13 +1376,13 @@ fqdn: host.domain.tld hostname: host EOF atf_check -o empty /usr/libexec/nuageinit "${PWD}"/media/nuageinit config-2 - atf_check -o inline:"hostname=\"host.domain.tld\"\n" cat ${PWD}/etc/rc.conf.d/hostname + atf_check -o inline:"hostname='host.domain.tld'\n" cat ${PWD}/etc/rc.conf.d/hostname cat > media/nuageinit/user_data <<EOF #cloud-config hostname: host EOF atf_check -o empty /usr/libexec/nuageinit "${PWD}"/media/nuageinit config-2 - atf_check -o inline:"hostname=\"host\"\n" cat ${PWD}/etc/rc.conf.d/hostname + atf_check -o inline:"hostname='host'\n" cat ${PWD}/etc/rc.conf.d/hostname } config2_userdata_encode_base64_body() diff --git a/libexec/nuageinit/tests/sethostname.lua b/libexec/nuageinit/tests/sethostname.lua index 0bc7eb2c4475..8973cc6d6e86 100644 --- a/libexec/nuageinit/tests/sethostname.lua +++ b/libexec/nuageinit/tests/sethostname.lua @@ -20,7 +20,7 @@ local function check_hostname(expected) end local content = f:read("*a") f:close() - local expected_content = 'hostname="' .. expected:gsub('"', '\\"') .. '"\n' + local expected_content = "hostname=" .. n.shell_escape(expected) .. "\n" if content ~= expected_content then n.err("hostname mismatch: got '" .. content .. "', expected '" .. expected_content .. "'")home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a28398d.21843.2c5b50cd>