When passing a section or option value to config_get() which contains
characters that happen to be valid variable interpolation expressions,
the function returns a nonsensical expression result instead of the
expected empty string.
When the passed section or option name contains other characters which
are not valid within a shell variable name, a substitution error is
occuring instead.
The issue can be easily reproduced by one of the following examples:
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable invalid-section option
root@OpenWrt:~# echo "$variable"
section_option:-
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable section invalid-option
root@OpenWrt:~# echo "$variable"
option:-
root@OpenWrt:~# . /lib/functions.sh
root@OpenWrt:~# config load system
root@OpenWrt:~# config_get variable section invalid@option
-ash: eval: syntax error: bad substitution
Fix this issue by only performing interpolations when the given section
and option arguments are free of illegal characters.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
include $(INCLUDE_DIR)/feeds.mk
PKG_NAME:=base-files
-PKG_RELEASE:=225
+PKG_RELEASE:=226
PKG_FLAGS:=nonshared
PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
# config_get <variable> <section> <option> [<default>]
# config_get <section> <option>
config_get() {
- case "$3" in
- "") eval echo "\"\${CONFIG_${1}_${2}:-\${4}}\"";;
- *) eval export ${NO_EXPORT:+-n} -- "${1}=\${CONFIG_${2}_${3}:-\${4}}";;
+ case "$2${3:-$1}" in
+ *[^A-Za-z0-9_]*) : ;;
+ *)
+ case "$3" in
+ "") eval echo "\"\${CONFIG_${1}_${2}:-\${4}}\"";;
+ *) eval export ${NO_EXPORT:+-n} -- "${1}=\${CONFIG_${2}_${3}:-\${4}}";;
+ esac
+ ;;
esac
}
projects / openwrt / staging / dedeckeh.git / commitdiff