Date: Mon, 28 May 2018 23:34:23 +0000 (UTC) From: Devin Teske <dteske@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r334303 - head/usr.sbin/sysrc Message-ID: <201805282334.w4SNYNId011688@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dteske Date: Mon May 28 23:34:23 2018 New Revision: 334303 URL: https://svnweb.freebsd.org/changeset/base/334303 Log: sysrc(8): Test variable names for invalid characters PR: bin/187461 Reported by: ebay@looksharp.net MFC after: 4 weeks X-MFC-to: stable/11 (after 11.2-R) Sponsored by: Smule, Inc. Modified: head/usr.sbin/sysrc/sysrc Modified: head/usr.sbin/sysrc/sysrc ============================================================================== --- head/usr.sbin/sysrc/sysrc Mon May 28 23:20:08 2018 (r334302) +++ head/usr.sbin/sysrc/sysrc Mon May 28 23:34:23 2018 (r334303) @@ -370,6 +370,18 @@ if [ "$LIST_SERVICE_CONFS" ]; then fi # +# Validate arguments +# +for name in "$@"; do + # NB: shell expansion syntax removed first + name="${name%%:[+=-]*}" + name="${name%%[%#+=-]*}" + [ "$name" = "${name#*[!$VALID_VARNAME_CHARS]}" ] || die \ + "%s: %s: name contains characters not allowed in shell" \ + "$pgm" "$name" +done + +# # Process `-s name' argument # if [ "$SERVICE" -a ! "${RC_CONFS+set}" ]; then
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201805282334.w4SNYNId011688>