Merged revisions 219023 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r219023 | tilghman | 2009-09-16 18:21:53 -0500 (Wed, 16 Sep 2009) | 8 lines Properly deal with quotes in the arguments of '#exec' includes. (closes issue #15583) Reported by: pkempgen Patches: 20090726__issue15583.diff.txt uploaded by tilghman (license 14) 20090726__issue15583-1.4-4.diff.txt uploaded by pkempgen (license 169) Tested by: pkempgen ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@219061 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-04 20:04:50 +00:00 · 2009-09-16 23:42:12 +00:00
parent d8457eb18c
commit 3093ccb619
2 changed files with 25 additions and 10 deletions
--- a/configs/extensions.conf.sample
+++ b/configs/extensions.conf.sample
@@ -106,6 +106,8 @@ clearglobalvars=no
 ; that includes contexts within other contexts. The #include command works
 ; in all asterisk configuration files.
 ;#include "filename.conf"
+;#include <filename.conf>
+;#include filename.conf
 ;
 ; You can execute a program or script that produces config files, and they
 ; will be inserted where you insert the #exec command. The #exec command
@@ -113,6 +115,9 @@ clearglobalvars=no
 ; activate them within asterisk.conf with the "execincludes" option.  They
 ; are otherwise considered a security risk.
 ;#exec /opt/bin/build-extra-contexts.sh
+;#exec /opt/bin/build-extra-contexts.sh --foo="bar"
+;#exec </opt/bin/build-extra-contexts.sh --foo="bar">
+;#exec "/opt/bin/build-extra-contexts.sh --foo=\"bar\""
 ;

 ; The "Globals" category contains global variables that can be referenced
--- a/main/config.c
+++ b/main/config.c
@@ -1062,18 +1062,28 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 			return 0;	/* XXX is this correct ? or we should return -1 ? */
 		}

-		/* Strip off leading and trailing "'s and <>'s */
-		while ((*c == '<') || (*c == '>') || (*c == '\"')) c++;
-		/* Get rid of leading mess */
 		cur = c;
-		cur2 = cur;
-		while (!ast_strlen_zero(cur)) {
-			c = cur + strlen(cur) - 1;
-			if ((*c == '>') || (*c == '<') || (*c == '\"'))
-				*c = '\0';
-			else
-				break;
+		/* Strip off leading and trailing "'s and <>'s */
+		if (*c == '"') {
+			/* Dequote */
+			while (*c) {
+				if (*c == '"') {
+					strcpy(c, c + 1); /* SAFE */
+					c--;
+				} else if (*c == '\\') {
+					strcpy(c, c + 1); /* SAFE */
+				}
+				c++;
+			}
+		} else if (*c == '<') {
+			/* C-style include */
+			if (*(c + strlen(c) - 1) == '>') {
+				cur++;
+				*(c + strlen(c) - 1) = '\0';
+			}
 		}
+		cur2 = cur;
+
 		/* #exec </path/to/executable>
 		   We create a tmp file, then we #include it, then we delete it. */
 		if (!do_include) {