[asterisk-commits] tilghman: branch 1.4 r219023 - in /branches/1.4: configs/ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Sep 16 18:21:58 CDT 2009 

Author: tilghman
Date: Wed Sep 16 18:21:53 2009
New Revision: 219023

URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=219023
Log:
Properly deal with quotes in the arguments of '#exec' includes.
(closes issue #15583)
 Reported by: pkempgen
 Patches: 
       20090726__issue15583.diff.txt uploaded by tilghman (license 14)
       20090726__issue15583-1.4-4.diff.txt uploaded by pkempgen (license 169)
 Tested by: pkempgen

Modified:
    branches/1.4/configs/extensions.conf.sample
    branches/1.4/main/config.c

Modified: branches/1.4/configs/extensions.conf.sample
URL: http://svn.asterisk.org/svn-view/asterisk/branches/1.4/configs/extensions.conf.sample?view=diff&rev=219023&r1=219022&r2=219023
==============================================================================
--- branches/1.4/configs/extensions.conf.sample (original)
+++ branches/1.4/configs/extensions.conf.sample Wed Sep 16 18:21:53 2009
@@ -73,6 +73,8 @@
 ; that includes contexts within other contexts. The #include command works
 ; in all asterisk configuration files.
 ;#include "filename.conf"
+;#include <filename.conf>
+;#include filename.conf
 ;
 ; You can execute a program or script that produces config files, and they
 ; will be inserted where you insert the #exec command. The #exec command 
@@ -80,6 +82,9 @@
 ; activate them within asterisk.conf with the "execincludes" option.  They
 ; are otherwise considered a security risk.
 ;#exec /opt/bin/build-extra-contexts.sh
+;#exec /opt/bin/build-extra-contexts.sh --foo="bar"
+;#exec </opt/bin/build-extra-contexts.sh --foo="bar">
+;#exec "/opt/bin/build-extra-contexts.sh --foo=\"bar\""
 ;
 
 ; The "Globals" category contains global variables that can be referenced

Modified: branches/1.4/main/config.c
URL: http://svn.asterisk.org/svn-view/asterisk/branches/1.4/main/config.c?view=diff&rev=219023&r1=219022&r2=219023
==============================================================================
--- branches/1.4/main/config.c (original)
+++ branches/1.4/main/config.c Wed Sep 16 18:21:53 2009
@@ -717,16 +717,25 @@
 		}
 		if (do_include || do_exec) {
 			if (c) {
+				cur = c;
 				/* Strip off leading and trailing "'s and <>'s */
-				while((*c == '<') || (*c == '>') || (*c == '\"')) c++;
-				/* Get rid of leading mess */
-				cur = c;
-				while (!ast_strlen_zero(cur)) {
-					c = cur + strlen(cur) - 1;
-					if ((*c == '>') || (*c == '<') || (*c == '\"'))
-						*c = '\0';
-					else
-						break;
+				if (*c == '"') {
+					/* Dequote */
+					while (*c) {
+						if (*c == '"') {
+							strcpy(c, c + 1); /* SAFE */
+							c--;
+						} else if (*c == '\\') {
+							strcpy(c, c + 1); /* SAFE */
+						}
+						c++;
+					}
+				} else if (*c == '<') {
+					/* C-style include */
+					if (*(c + strlen(c) - 1) == '>') {
+						cur++;
+						*(c + strlen(c) - 1) = '\0';
+					}
 				}
 				/* #exec </path/to/executable>
 				   We create a tmp file, then we #include it, then we delete it. */

More information about the asterisk-commits mailing list