Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- tests/lib.sh | 2 +- tests/src/initscripts/system/functions/test.sh | 2 +- tests/src/initscripts/system/functions/test2.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/lib.sh b/tests/lib.sh index bb06e11c2..513850d8d 100644 --- a/tests/lib.sh +++ b/tests/lib.sh @@ -1,4 +1,4 @@ -#!/usr/bin/bash +#!/bin/bash
# Get the path of this file. # This ist rather complex as we do not want the calling script file diff --git a/tests/src/initscripts/system/functions/test.sh b/tests/src/initscripts/system/functions/test.sh index dbcbd45ef..7a23b99b9 100755 --- a/tests/src/initscripts/system/functions/test.sh +++ b/tests/src/initscripts/system/functions/test.sh @@ -1,4 +1,4 @@ -#!/usr/bin/bash +#!/bin/bash
SCRIPT_PATH="$(dirname "$(readlink -f "$0")")"
diff --git a/tests/src/initscripts/system/functions/test2.sh b/tests/src/initscripts/system/functions/test2.sh index a568ed2a4..9aa5b8bda 100755 --- a/tests/src/initscripts/system/functions/test2.sh +++ b/tests/src/initscripts/system/functions/test2.sh @@ -1,4 +1,4 @@ -#!/usr/bin/bash +#!/bin/bash
SCRIPT_PATH="$(dirname "$(readlink -f "$0")")"
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- src/initscripts/system/functions | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index 125aa1dc6..094e35495 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions @@ -899,7 +899,6 @@ readhash() {
local line while read -r line; do - # Skip Blank Lines if [[ ${line} =~ ^[[:space:]]*$ ]]; then continue @@ -932,8 +931,12 @@ readhash() { fi
# strip leading and trailing single quotes - val="${val#'}" - val="${val%'}" + case "${val}" in + '*') + val="${val#'}" + val="${val%'}" + ;; + esac
printf -v "${array}[${key}]" "%s" "${val}" done < "${file}"
The function expected that a line only contains exactly one equals sign (=) which is not fit for purpose. In the WireGuard code we hold key material that is encoded in base64 and therefore contains padding that uses =.
This patch fixes that we expect exactly one equals sign immediately after the key and we will then accept more = in the value - which was already permitted.
Furthermore, this patch fixes the splitting if the key and value at the first =.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- src/initscripts/system/functions | 12 +++--------- .../system/functions/data/2_output_stderr | 8 ++++---- 2 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index 094e35495..e486cc085 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions @@ -909,21 +909,15 @@ readhash() { continue fi
- # Skip lines without a = - if ! [[ ${line} =~ [^=]*=[^=]*$ ]]; then + # Check for a valid key followed by = + if ! [[ ${line} =~ ^[A-Za-z_][A-Za-z0-9_]*= ]]; then echo "Invalid line '${line}'" >&2 continue fi
- local key="${line%=*}" + local key="${line%%=*}" local val="${line#*=}"
- # Skip lines with an invalid key - if ! [[ ${key} =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then - echo "Invalid key '${key}'" >&2 - continue - fi - # Skip lines with invalid values if ! [[ ${val} =~ ^['][\ A-Za-z0-9=/,.:%_@#+-]*[']$ ]] && ! [[ ${val} =~ ^[A-Za-z0-9=/,.:%_@#+-]*$ ]]; then echo "Invalid value '${val}' for key '${key}'" >&2 diff --git a/tests/src/initscripts/system/functions/data/2_output_stderr b/tests/src/initscripts/system/functions/data/2_output_stderr index 82f035e26..7f4c5a944 100644 --- a/tests/src/initscripts/system/functions/data/2_output_stderr +++ b/tests/src/initscripts/system/functions/data/2_output_stderr @@ -2,8 +2,8 @@ Invalid value '?3' for key 'CONFIG_TYPE' Invalid value 'gree!n0' for key 'GREEN_DEV' Invalid value '00:c0:08:8a :a0:47' for key 'GREEN_MACADDR' Invalid value '"r8175"' for key 'GREEN_DRIVER' -Invalid key '-RED_DEV' -Invalid key 'RE??D_MACADDR' -Invalid key 'RED&&_DRIVER' -Invalid key '0BLUE_DEV' +Invalid line '-RED_DEV=red0' +Invalid line 'RE??D_MACADDR=00:c0:08:8a:a0:56' +Invalid line 'RED&&_DRIVER=r8283' +Invalid line '0BLUE_DEV='blue0 net0'' Invalid line 'Line_without_a_equal_sign_is_also_invalid'
Hi,
as this is already staged, I do not reply to all emails, but the last one: This looks all good. I do not unterstand the purpose of the second patch, but I guess there is a reason.
Jonatan
Am Freitag, dem 06.12.2024 um 16:42 +0000 schrieb Michael Tremer:
The function expected that a line only contains exactly one equals sign (=) which is not fit for purpose. In the WireGuard code we hold key material that is encoded in base64 and therefore contains padding that uses =.
This patch fixes that we expect exactly one equals sign immediately after the key and we will then accept more = in the value - which was already permitted.
Furthermore, this patch fixes the splitting if the key and value at the first =.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/initscripts/system/functions | 12 +++-------
.../system/functions/data/2_output_stderr | 8 ++++---- 2 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index 094e35495..e486cc085 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions @@ -909,21 +909,15 @@ readhash() { continue fi - # Skip lines without a = - if ! [[ ${line} =~ [^=]*=[^=]*$ ]]; then + # Check for a valid key followed by = + if ! [[ ${line} =~ ^[A-Za-z_][A-Za-z0-9_]*= ]]; then echo "Invalid line '${line}'" >&2 continue fi - local key="${line%=*}" + local key="${line%%=*}" local val="${line#*=}" - # Skip lines with an invalid key - if ! [[ ${key} =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then - echo "Invalid key '${key}'" >&2 - continue - fi
# Skip lines with invalid values if ! [[ ${val} =~ ^['][\ A-Za-z0-9=/,.:%_@#+-]*[']$ ]] && ! [[ ${val} =~ ^[A-Za-z0-9=/,.:%_@#+-]*$ ]]; then echo "Invalid value '${val}' for key '${key}'" >&2 diff --git a/tests/src/initscripts/system/functions/data/2_output_stderr b/tests/src/initscripts/system/functions/data/2_output_stderr index 82f035e26..7f4c5a944 100644 --- a/tests/src/initscripts/system/functions/data/2_output_stderr +++ b/tests/src/initscripts/system/functions/data/2_output_stderr @@ -2,8 +2,8 @@ Invalid value '?3' for key 'CONFIG_TYPE' Invalid value 'gree!n0' for key 'GREEN_DEV' Invalid value '00:c0:08:8a :a0:47' for key 'GREEN_MACADDR' Invalid value '"r8175"' for key 'GREEN_DRIVER' -Invalid key '-RED_DEV' -Invalid key 'RE??D_MACADDR' -Invalid key 'RED&&_DRIVER' -Invalid key '0BLUE_DEV' +Invalid line '-RED_DEV=red0' +Invalid line 'RE??D_MACADDR=00:c0:08:8a:a0:56' +Invalid line 'RED&&_DRIVER=r8283' +Invalid line '0BLUE_DEV='blue0 net0'' Invalid line 'Line_without_a_equal_sign_is_also_invalid'
-
Jonatan Schlag -
Michael Tremer