[openwrt/openwrt] dnsmasq: gate configdir usage behind absolute path check

LEDE Commits lede-commits at lists.infradead.org
Sun Oct 20 12:57:20 PDT 2024


hauke pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/3407269ba593aec49583d036ff1f8745bde330dc

commit 3407269ba593aec49583d036ff1f8745bde330dc
Author: Paul Donald <newtwen+github at gmail.com>
AuthorDate: Sun Apr 7 14:23:57 2024 +0200

    dnsmasq: gate configdir usage behind absolute path check
    
    don't use configuration directories which are relative
    
    Signed-off-by: Paul Donald <newtwen+github at gmail.com>
    Link: https://github.com/openwrt/openwrt/pull/14975
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 .../network/services/dnsmasq/files/dnsmasq.init    | 23 ++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 451cb674f8..b864ea9069 100755
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -1147,16 +1147,19 @@ dnsmasq_start()
 
 	# Create a dnsmasq.d dir for each instance
 	config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"
-	xappend "--conf-dir=$dnsmasqconfdir"
-	dnsmasqconfdir="${dnsmasqconfdir%%,*}"
-	[ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir"
-	xappend "--user=dnsmasq"
-	xappend "--group=dnsmasq"
-	echo >> "$CONFIGFILE_TMP"
-
-	# EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file
-	config_get extraconftext "$cfg" extraconftext
-	[ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE"
+	# Ensure dnsmasqconfdir is an absolute path
+	[ "${dnsmasqconfdir:0:1}" = '/' ] && {
+		xappend "--conf-dir=$dnsmasqconfdir"
+		dnsmasqconfdir="${dnsmasqconfdir%%,*}"
+		[ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir"
+		xappend "--user=dnsmasq"
+		xappend "--group=dnsmasq"
+		echo >> "$CONFIGFILE_TMP"
+
+		# EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file
+		config_get extraconftext "$cfg" extraconftext
+		[ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE"
+	}
 
 	config_get_bool enable_tftp "$cfg" enable_tftp 0
 	[ "$enable_tftp" -gt 0 ] && {
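Review bot: The new absolute-path block also wraps `xappend "--user=dnsmasq"` and `xappend "--group=dnsmasq"`, so a relative `confdir` value now silently changes which account the daemon runs as instead of only disabling the conf-dir. Those two lines (and the `echo >> "$CONFIGFILE_TMP"` separator) are unrelated to the directory check and should stay outside the braces so the privilege-drop settings are always written. The relative-path case is also skipped without any message, and `extraconftext` is dropped with it; adding an explicit failure branch such as `|| logger -t dnsmasq "ignoring non-absolute confdir '$dnsmasqconfdir'"` would make the misconfiguration visible. Note that the check looks only at the first character, so a value like `/tmp/../etc/x` still passes and is handed to `mkdir -p`; whether that matters depends on who can write the UCI option. The body of dnsmasq_start continues outside this hunk, so what dnsmasq falls back to when `--user` is absent is not visible here.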



