[openwrt/openwrt] base-files: don't evaluate block-device uevent

LEDE Commits lede-commits at lists.infradead.org
Thu Feb 15 05:46:35 PST 2018


dangole pushed a commit to openwrt/openwrt.git, branch lede-17.01:
https://git.lede-project.org/f60be720772cac8a13d7759be14814d14698a45f

commit f60be720772cac8a13d7759be14814d14698a45f
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Fri Feb 2 01:57:46 2018 +0100

    base-files: don't evaluate block-device uevent
    
    Backport commits fixing the detection of GPT partition names during
    preinit and sysupgrade, closing a shell-injection vulnerability.
    
    da52dd0c83 ("base-files: quote values when evaluating uevent")
    267873ac9b ("base-files: don't evaluate block-device uevent")
    
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
 package/base-files/files/lib/upgrade/common.sh | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/package/base-files/files/lib/upgrade/common.sh b/package/base-files/files/lib/upgrade/common.sh
index 3ddd1e7..8c1b3b1 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -208,7 +208,7 @@ get_magic_long() {
 }
 
 export_bootdevice() {
-	local cmdline uuid disk uevent
+	local cmdline uuid disk uevent line
 	local MAJOR MINOR DEVNAME DEVTYPE
 
 	if read cmdline < /proc/cmdline; then
@@ -241,8 +241,9 @@ export_bootdevice() {
 		esac
 
 		if [ -e "$uevent" ]; then
-			. "$uevent"
-
+			while read line; do
+				export -n "$line"
+			done < "$uevent"
 			export BOOTDEV_MAJOR=$MAJOR
 			export BOOTDEV_MINOR=$MINOR
 			return 0
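Review bot: The added `while read line` loop calls `read` without `-r` and with the default IFS, so a backslash inside a uevent value is consumed as an escape, a trailing backslash joins the following line into the same assignment, and leading or trailing whitespace is stripped. The commit message ties this fix to GPT partition names, which come from the disk rather than from the firmware, so the parser should take each line literally. Use `while IFS= read -r line; do` here and in the identical loop added to export_partdevice. A short comment above the loop would also help, for example `# parse uevent as data, never source it: values such as the partition name come from the disk`. export_bootdevice begins and ends outside this hunk.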
@@ -254,10 +255,12 @@ export_bootdevice() {
 
 export_partdevice() {
 	local var="$1" offset="$2"
-	local uevent MAJOR MINOR DEVNAME DEVTYPE
+	local uevent line MAJOR MINOR DEVNAME DEVTYPE
 
 	for uevent in /sys/class/block/*/uevent; do
-		. "$uevent"
+		while read line; do
+			export -n "$line"
+		done < "$uevent"
 		if [ $BOOTDEV_MAJOR = $MAJOR -a $(($BOOTDEV_MINOR + $offset)) = $MINOR -a -b "/dev/$DEVNAME" ]; then
 			export "$var=$DEVNAME"
 			return 0
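Review bot: The test that follows the new loop still expands `$BOOTDEV_MAJOR`, `$MAJOR` and `$MINOR` unquoted, so an empty or multi-word value read from a uevent file would turn the `[` expression into a syntax error or a different comparison. Quote the operands: `[ "$BOOTDEV_MAJOR" = "$MAJOR" -a "$(($BOOTDEV_MINOR + $offset))" = "$MINOR" -a -b "/dev/$DEVNAME" ]`. MAJOR, MINOR and DEVNAME are also not cleared between iterations, so a uevent file that lacks one of them would be compared using the previous device's value; resetting them at the top of the loop body (`MAJOR= MINOR= DEVNAME=`) avoids that. The for loop and the function continue past the end of this hunk.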


