map-controller: fix potential shell injection in 99-mapcntlr

Expand variables which may contain "user input" in the second pass (production data is not likely to contain anything unsafe but it is better to be on the safe side). In addition use "$@" instead of hardcoded parameters and handle json_select failure. Use OpenWrt get_mac_label instead of legacy methods to obtain MAC address.
2025-12-10 07:44:50 +01:00 · 2025-05-14 10:12:30 +02:00 · 2025-05-14 10:12:30 +02:00 · ed30787ca4
commit ed30787ca4
parent d68e0847c4
1 changed files with 15 additions and 11 deletions
--- a/map-controller/files/etc/uci-defaults/99-mapcntlr
+++ b/map-controller/files/etc/uci-defaults/99-mapcntlr
@ -1,4 +1,6 @@
 #!/bin/sh
+
+. /lib/functions/system.sh
 . /usr/share/libubox/jshn.sh

 CFG=/etc/board.json
@ -7,8 +9,7 @@ CFG=/etc/board.json
 WIFI_BH_KEY=$(openssl rand -rand /dev/urandom -hex 64 2>/dev/null | openssl dgst -hex -sha256 | cut -d " " -f 2)
 WIFI_BH_KEY=${WIFI_BH_KEY::-1}

-BASEMAC_ADDR="$(fw_printenv -n ethaddr | tr -d ':' | tr 'a-z' 'A-Z')"
-[ ${#BASEMAC_ADDR} -eq 12 ] || BASEMAC_ADDR="$(db -q get device.deviceinfo.BaseMACAddress | tr -d ':')"
+BASEMAC_ADDR="$(get_mac_label | tr -d ':' | tr 'a-z' 'A-Z')"

 FALLBACK_SSID="$DEVICE_MANUFACTURER-$BASEMAC_ADDR"
 FALLBACK_KEY="1234567890"
@ -19,15 +20,15 @@ FALLBACK_ALL_ENCRYPTION="sae-mixed"

 set_per_band_callback() {
 	local band="$2"
-	json_select "$band"
+	json_select "$band" || return
 	local ssid encryption key
 	json_get_vars ssid encryption key
 	case "$band" in
 	all|2g|5g|6g)
 		local band_upper="$(printf "%s" "$band" | tr 'a-z' 'A-Z')"
-		eval "export -- WIFI_FH_${band_upper}_SSID='$ssid'"
-		eval "export -- WIFI_FH_${band_upper}_ENCRYPTION='$encryption'"
-		eval "export -- WIFI_FH_${band_upper}_KEY='$key'"
+		eval "WIFI_FH_${band_upper}_SSID=\$ssid"
+		eval "WIFI_FH_${band_upper}_ENCRYPTION=\$encryption"
+		eval "WIFI_FH_${band_upper}_KEY=\$key"
 		;;
 	esac
 	json_select ..
@ -36,25 +37,28 @@ set_per_band_callback() {
 set_vars_from_board_json() {
 	json_init
 	json_load_file "$CFG"
-	json_select wlan
-	json_select defaults
-	json_for_each_item set_per_band_callback ssids
+	if json_select wlan && json_select defaults && json_is_a ssids object; then
+		json_for_each_item set_per_band_callback ssids
+	fi
 	json_cleanup
 }

 set_in_priority() {
 	local destination="$1"
-	for alternative in $2 $3 $4 $5 $6 $7 $8 $9; do
+	local alternative value
+	shift
+	for alternative in "$@"; do
 		eval "value=\${${alternative}}"
 		if [ -n "$value" ]; then
 			echo "Setting $destination to '$value' from \$$alternative"
-			eval "export -- ${destination}='$value'"
+			eval "${destination}=\$value"
 			break
 		fi
 	done
 }

 set_missing_vars_from_fallback() {
+	local band what
 	for band in ALL 2G 5G 6G; do
 		for what in SSID KEY; do
 			set_in_priority \