kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-17 07:18:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged revisions 219061 via svnmerge from

Browse Source 
https://origsvn.digium.com/svn/asterisk/trunk

................
  r219061 | tilghman | 2009-09-16 18:42:12 -0500 (Wed, 16 Sep 2009) | 15 lines
  
  Merged revisions 219023 via svnmerge from 
  https://origsvn.digium.com/svn/asterisk/branches/1.4
  
  ........
    r219023 | tilghman | 2009-09-16 18:21:53 -0500 (Wed, 16 Sep 2009) | 8 lines
    
    Properly deal with quotes in the arguments of '#exec' includes.
    (closes issue #15583)
     Reported by: pkempgen
     Patches: 
           20090726__issue15583.diff.txt uploaded by tilghman (license 14)
           20090726__issue15583-1.4-4.diff.txt uploaded by pkempgen (license 169)
     Tested by: pkempgen
  ........
................


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.0@219064 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Tilghman Lesher
2009-09-16 23:52:26 +00:00
parent b022998f4d
commit 563af8b47b
2 changed files with 52 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configs/extensions.conf.sample
View File

@@ -106,6 +106,8 @@ clearglobalvars=no
; that includes contexts within other contexts. The #include command works ; that includes contexts within other contexts. The #include command works
; in all asterisk configuration files. ; in all asterisk configuration files.
;#include "filename.conf" ;#include "filename.conf"
;#include <filename.conf>
;#include filename.conf
; ;
; You can execute a program or script that produces config files, and they ; You can execute a program or script that produces config files, and they
; will be inserted where you insert the #exec command. The #exec command ; will be inserted where you insert the #exec command. The #exec command
@@ -113,6 +115,9 @@ clearglobalvars=no
; activate them within asterisk.conf with the "execincludes" option. They ; activate them within asterisk.conf with the "execincludes" option. They
; are otherwise considered a security risk. ; are otherwise considered a security risk.
;#exec /opt/bin/build-extra-contexts.sh ;#exec /opt/bin/build-extra-contexts.sh
;#exec /opt/bin/build-extra-contexts.sh --foo="bar"
;#exec </opt/bin/build-extra-contexts.sh --foo="bar">
;#exec "/opt/bin/build-extra-contexts.sh --foo=\"bar\""
; ;
; The "Globals" category contains global variables that can be referenced ; The "Globals" category contains global variables that can be referenced

84
main/config.c
View File

@@ -1033,45 +1033,55 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
return 0; /* XXX is this correct ? or we should return -1 ? */ return 0; /* XXX is this correct ? or we should return -1 ? */
} }
/* Strip off leading and trailing "'s and <>'s */ cur = c;
while ((*c == '<') || (*c == '>') || (*c == '\"')) c++; /* Strip off leading and trailing "'s and <>'s */
/* Get rid of leading mess */ if (*c == '"') {
cur = c; /* Dequote */
cur2 = cur; while (*c) {
while (!ast_strlen_zero(cur)) { if (*c == '"') {
c = cur + strlen(cur) - 1; strcpy(c, c + 1); /* SAFE */
if ((*c == '>') || (*c == '<') || (*c == '\"')) c--;
*c = '\0'; } else if (*c == '\\') {
else strcpy(c, c + 1); /* SAFE */
break;
} }
/* #exec </path/to/executable> c++;
We create a tmp file, then we #include it, then we delete it. */ }
if (!do_include) { } else if (*c == '<') {
struct timeval tv = ast_tvnow(); /* C-style include */
if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE)) if (*(c + strlen(c) - 1) == '>') {
config_cache_attribute(configfile, ATTRIBUTE_EXEC, NULL, who_asked); cur++;
snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d%d.%ld", (int)tv.tv_sec, (int)tv.tv_usec, (long)pthread_self()); *(c + strlen(c) - 1) = '\0';
snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file); }
ast_safe_system(cmd); }
cur = exec_file; cur2 = cur;
} else {
if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
config_cache_attribute(configfile, ATTRIBUTE_INCLUDE, cur, who_asked);
exec_file[0] = '\0';
}
/* A #include */
/* record this inclusion */
inclu = ast_include_new(cfg, cfg->include_level == 1 ? "" : configfile, cur, !do_include, cur2, lineno, real_inclusion_name, sizeof(real_inclusion_name));
do_include = ast_config_internal_load(cur, cfg, flags, real_inclusion_name, who_asked) ? 1 : 0; /* #exec </path/to/executable>
if (!ast_strlen_zero(exec_file)) We create a tmp file, then we #include it, then we delete it. */
unlink(exec_file); if (!do_include) {
if (!do_include) { struct timeval tv = ast_tvnow();
ast_log(LOG_ERROR, "The file '%s' was listed as a #include but it does not exist.\n", cur); if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
return -1; config_cache_attribute(configfile, ATTRIBUTE_EXEC, NULL, who_asked);
} snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d%d.%ld", (int)tv.tv_sec, (int)tv.tv_usec, (long)pthread_self());
/* XXX otherwise what ? the default return is 0 anyways */ snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file);
ast_safe_system(cmd);
cur = exec_file;
} else {
if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
config_cache_attribute(configfile, ATTRIBUTE_INCLUDE, cur, who_asked);
exec_file[0] = '\0';
}
/* A #include */
/* record this inclusion */
inclu = ast_include_new(cfg, cfg->include_level == 1 ? "" : configfile, cur, !do_include, cur2, lineno, real_inclusion_name, sizeof(real_inclusion_name));
do_include = ast_config_internal_load(cur, cfg, flags, real_inclusion_name, who_asked) ? 1 : 0;
if (!ast_strlen_zero(exec_file))
unlink(exec_file);
if (!do_include) {
ast_log(LOG_ERROR, "The file '%s' was listed as a #include but it does not exist.\n", cur);
return -1;
}
/* XXX otherwise what ? the default return is 0 anyways */
} else { } else {
/* Just a line (variable = value) */ /* Just a line (variable = value) */