kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-08 14:17:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Properly deal with quotes in the arguments of '#exec' includes.

Browse Source 
(closes issue #15583)
 Reported by: pkempgen
 Patches: 
       20090726__issue15583.diff.txt uploaded by tilghman (license 14)
       20090726__issue15583-1.4-4.diff.txt uploaded by pkempgen (license 169)
 Tested by: pkempgen


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@219023 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Tilghman Lesher
2009-09-16 23:21:53 +00:00
parent 6913d06d19
commit d28e69ad5d
2 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configs/extensions.conf.sample
View File

@@ -73,6 +73,8 @@ clearglobalvars=no
; that includes contexts within other contexts. The #include command works ; that includes contexts within other contexts. The #include command works
; in all asterisk configuration files. ; in all asterisk configuration files.
;#include "filename.conf" ;#include "filename.conf"
;#include <filename.conf>
;#include filename.conf
; ;
; You can execute a program or script that produces config files, and they ; You can execute a program or script that produces config files, and they
; will be inserted where you insert the #exec command. The #exec command ; will be inserted where you insert the #exec command. The #exec command
@@ -80,6 +82,9 @@ clearglobalvars=no
; activate them within asterisk.conf with the "execincludes" option. They ; activate them within asterisk.conf with the "execincludes" option. They
; are otherwise considered a security risk. ; are otherwise considered a security risk.
;#exec /opt/bin/build-extra-contexts.sh ;#exec /opt/bin/build-extra-contexts.sh
;#exec /opt/bin/build-extra-contexts.sh --foo="bar"
;#exec </opt/bin/build-extra-contexts.sh --foo="bar">
;#exec "/opt/bin/build-extra-contexts.sh --foo=\"bar\""
; ;
; The "Globals" category contains global variables that can be referenced ; The "Globals" category contains global variables that can be referenced

27
main/config.c
View File

@@ -717,16 +717,25 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
} }
if (do_include || do_exec) { if (do_include || do_exec) {
if (c) { if (c) {
/* Strip off leading and trailing "'s and <>'s */
while((*c == '<') || (*c == '>') || (*c == '\"')) c++;
/* Get rid of leading mess */
cur = c; cur = c;
while (!ast_strlen_zero(cur)) { /* Strip off leading and trailing "'s and <>'s */
c = cur + strlen(cur) - 1; if (*c == '"') {
if ((*c == '>') || (*c == '<') || (*c == '\"')) /* Dequote */
*c = '\0'; while (*c) {
else if (*c == '"') {
break; strcpy(c, c + 1); /* SAFE */
c--;
} else if (*c == '\\') {
strcpy(c, c + 1); /* SAFE */
}
c++;
}
} else if (*c == '<') {
/* C-style include */
if (*(c + strlen(c) - 1) == '>') {
cur++;
*(c + strlen(c) - 1) = '\0';
}
} }
/* #exec </path/to/executable> /* #exec </path/to/executable>
We create a tmp file, then we #include it, then we delete it. */ We create a tmp file, then we #include it, then we delete it. */