bbfdm: fix shell injection in /etc/firewall.service

Avoid use of eval


(cherry picked from commit 53167364863ef4afc249045fe5dcb510e3ec164d)
Erik Karlsson 2024-03-12 17:52:02 +01:00 committed by Vivek Kumar Dutta
parent fd842a5638
commit 32848d7f69


@ -7,7 +7,7 @@ log() {
} }
exec_cmd() { exec_cmd() {
if ! eval "$*"; then if ! "$@"; then
log "Failed to run [$*]" log "Failed to run [$*]"
echo "-1" echo "-1"
return 0 return 0
@ -73,7 +73,7 @@ add_iptable_rule() {
fi fi
if [ -z "${src_prefix}" ]; then if [ -z "${src_prefix}" ]; then
res=$(exec_cmd "iptables ${cmd} -m comment --comment IPtables_service_rule -j ${action}") res=$(exec_cmd iptables -w ${cmd} -m comment --comment IPtables_service_rule -j "${action}")
else else
#Add ipv4 sources if any #Add ipv4 sources if any
src_list="" src_list=""
@ -86,7 +86,7 @@ add_iptable_rule() {
if [ -n "$src_list" ]; then if [ -n "$src_list" ]; then
src_list=$(echo "${src_list}" | sed "s/,$//") src_list=$(echo "${src_list}" | sed "s/,$//")
res=$(exec_cmd "iptables -s $src_list ${cmd} -m comment --comment IPtables_service_rule -j ${action}") res=$(exec_cmd iptables -w -s "$src_list" ${cmd} -m comment --comment IPtables_service_rule -j "${action}")
fi fi
fi fi
fi fi
@ -97,7 +97,7 @@ add_iptable_rule() {
fi fi
if [ -z "${src_prefix}" ]; then if [ -z "${src_prefix}" ]; then
res=$(exec_cmd "ip6tables ${cmd} -m comment --comment IP6tables_service_rule -j ${action}") res=$(exec_cmd ip6tables -w ${cmd} -m comment --comment IP6tables_service_rule -j "${action}")
else else
#Add ipv6 sources if any #Add ipv6 sources if any
src_list="" src_list=""
@ -110,7 +110,7 @@ add_iptable_rule() {
if [ -n "$src_list" ]; then if [ -n "$src_list" ]; then
src_list=$(echo "${src_list}" | sed "s/,$//") src_list=$(echo "${src_list}" | sed "s/,$//")
res=$(exec_cmd "ip6tables -s $src_list ${cmd} -m comment --comment IP6tables_service_rule -j ${action}") res=$(exec_cmd ip6tables -w -s "$src_list" ${cmd} -m comment --comment IP6tables_service_rule -j "${action}")
fi fi
fi fi
fi fi
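Review bot: `${cmd}` is still expanded unquoted in all four new `exec_cmd` calls (the two `iptables -w` and the two `ip6tables -w` lines), so it goes through field splitting and pathname expansion, while `"$src_list"` and `"${action}"` beside it are quoted. Dropping `eval` stops shell metacharacters from being executed, but whitespace in any value folded into `cmd` still yields extra iptables arguments, and a `*` or `?` would be matched against the working directory. `cmd` is assembled in the part of `add_iptable_rule` outside these hunks, so whether configuration-supplied values reach it unvalidated cannot be confirmed from here. I would build the rule arguments as positional parameters in that function, appending each option and its quoted value with `set -- "$@" ...` and then calling `exec_cmd iptables -w "$@" -m comment ...`. If the split has to stay, at least bracket the calls with `set -f` and `set +f`, and add a comment stating that `${cmd}` is split on purpose.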