From 563af8b47b68fe146c5be75d9444ea09bcc85334 Mon Sep 17 00:00:00 2001 From: Tilghman Lesher Date: Wed, 16 Sep 2009 23:52:26 +0000 Subject: [PATCH] Merged revisions 219061 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r219061 | tilghman | 2009-09-16 18:42:12 -0500 (Wed, 16 Sep 2009) | 15 lines Merged revisions 219023 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r219023 | tilghman | 2009-09-16 18:21:53 -0500 (Wed, 16 Sep 2009) | 8 lines Properly deal with quotes in the arguments of '#exec' includes. (closes issue #15583) Reported by: pkempgen Patches: 20090726__issue15583.diff.txt uploaded by tilghman (license 14) 20090726__issue15583-1.4-4.diff.txt uploaded by pkempgen (license 169) Tested by: pkempgen ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.0@219064 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- configs/extensions.conf.sample | 5 ++ main/config.c | 84 +++++++++++++++++++--------------- 2 files changed, 52 insertions(+), 37 deletions(-) diff --git a/configs/extensions.conf.sample b/configs/extensions.conf.sample index 7586de65e2..bcc6fe3889 100644 --- a/configs/extensions.conf.sample +++ b/configs/extensions.conf.sample @@ -106,6 +106,8 @@ clearglobalvars=no ; that includes contexts within other contexts. The #include command works ; in all asterisk configuration files. ;#include "filename.conf" +;#include +;#include filename.conf ; ; You can execute a program or script that produces config files, and they ; will be inserted where you insert the #exec command. The #exec command @@ -113,6 +115,9 @@ clearglobalvars=no ; activate them within asterisk.conf with the "execincludes" option. They ; are otherwise considered a security risk. ;#exec /opt/bin/build-extra-contexts.sh +;#exec /opt/bin/build-extra-contexts.sh --foo="bar" +;#exec +;#exec "/opt/bin/build-extra-contexts.sh --foo=\"bar\"" ; ; The "Globals" category contains global variables that can be referenced diff --git a/main/config.c b/main/config.c index c79b0ef230..a933b3fbe7 100644 --- a/main/config.c +++ b/main/config.c @@ -1033,45 +1033,55 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat, return 0; /* XXX is this correct ? or we should return -1 ? */ } - /* Strip off leading and trailing "'s and <>'s */ - while ((*c == '<') || (*c == '>') || (*c == '\"')) c++; - /* Get rid of leading mess */ - cur = c; - cur2 = cur; - while (!ast_strlen_zero(cur)) { - c = cur + strlen(cur) - 1; - if ((*c == '>') || (*c == '<') || (*c == '\"')) - *c = '\0'; - else - break; + cur = c; + /* Strip off leading and trailing "'s and <>'s */ + if (*c == '"') { + /* Dequote */ + while (*c) { + if (*c == '"') { + strcpy(c, c + 1); /* SAFE */ + c--; + } else if (*c == '\\') { + strcpy(c, c + 1); /* SAFE */ } - /* #exec - We create a tmp file, then we #include it, then we delete it. */ - if (!do_include) { - struct timeval tv = ast_tvnow(); - if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE)) - config_cache_attribute(configfile, ATTRIBUTE_EXEC, NULL, who_asked); - snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d%d.%ld", (int)tv.tv_sec, (int)tv.tv_usec, (long)pthread_self()); - snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file); - ast_safe_system(cmd); - cur = exec_file; - } else { - if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE)) - config_cache_attribute(configfile, ATTRIBUTE_INCLUDE, cur, who_asked); - exec_file[0] = '\0'; - } - /* A #include */ - /* record this inclusion */ - inclu = ast_include_new(cfg, cfg->include_level == 1 ? "" : configfile, cur, !do_include, cur2, lineno, real_inclusion_name, sizeof(real_inclusion_name)); + c++; + } + } else if (*c == '<') { + /* C-style include */ + if (*(c + strlen(c) - 1) == '>') { + cur++; + *(c + strlen(c) - 1) = '\0'; + } + } + cur2 = cur; - do_include = ast_config_internal_load(cur, cfg, flags, real_inclusion_name, who_asked) ? 1 : 0; - if (!ast_strlen_zero(exec_file)) - unlink(exec_file); - if (!do_include) { - ast_log(LOG_ERROR, "The file '%s' was listed as a #include but it does not exist.\n", cur); - return -1; - } - /* XXX otherwise what ? the default return is 0 anyways */ + /* #exec + We create a tmp file, then we #include it, then we delete it. */ + if (!do_include) { + struct timeval tv = ast_tvnow(); + if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE)) + config_cache_attribute(configfile, ATTRIBUTE_EXEC, NULL, who_asked); + snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d%d.%ld", (int)tv.tv_sec, (int)tv.tv_usec, (long)pthread_self()); + snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file); + ast_safe_system(cmd); + cur = exec_file; + } else { + if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE)) + config_cache_attribute(configfile, ATTRIBUTE_INCLUDE, cur, who_asked); + exec_file[0] = '\0'; + } + /* A #include */ + /* record this inclusion */ + inclu = ast_include_new(cfg, cfg->include_level == 1 ? "" : configfile, cur, !do_include, cur2, lineno, real_inclusion_name, sizeof(real_inclusion_name)); + + do_include = ast_config_internal_load(cur, cfg, flags, real_inclusion_name, who_asked) ? 1 : 0; + if (!ast_strlen_zero(exec_file)) + unlink(exec_file); + if (!do_include) { + ast_log(LOG_ERROR, "The file '%s' was listed as a #include but it does not exist.\n", cur); + return -1; + } + /* XXX otherwise what ? the default return is 0 anyways */ } else { /* Just a line (variable = value) */