dnsmasq: gate configdir usage behind absolute path check
authorPaul Donald <newtwen+github@gmail.com>
Sun, 7 Apr 2024 12:23:57 +0000 (14:23 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 20 Oct 2024 19:56:16 +0000 (21:56 +0200)
don't use configuration directories which are relative

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/network/services/dnsmasq/files/dnsmasq.init

index 451cb674f853537c30aa99acbd9f10f18a12a1fe..b864ea90699f484ad124a1f1107f7ac10b2fb770 100755 (executable)
@@ -1147,16 +1147,19 @@ dnsmasq_start()
 
        # Create a dnsmasq.d dir for each instance
        config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"
-       xappend "--conf-dir=$dnsmasqconfdir"
-       dnsmasqconfdir="${dnsmasqconfdir%%,*}"
-       [ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir"
-       xappend "--user=dnsmasq"
-       xappend "--group=dnsmasq"
-       echo >> "$CONFIGFILE_TMP"
-
-       # EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file
-       config_get extraconftext "$cfg" extraconftext
-       [ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE"
+       # Ensure dnsmasqconfdir is an absolute path
+       [ "${dnsmasqconfdir:0:1}" = '/' ] && {
+               xappend "--conf-dir=$dnsmasqconfdir"
+               dnsmasqconfdir="${dnsmasqconfdir%%,*}"
+               [ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir"
+               xappend "--user=dnsmasq"
+               xappend "--group=dnsmasq"
+               echo >> "$CONFIGFILE_TMP"
+
+               # EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file
+               config_get extraconftext "$cfg" extraconftext
+               [ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE"
+       }
 
        config_get_bool enable_tftp "$cfg" enable_tftp 0
        [ "$enable_tftp" -gt 0 ] && {
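Review bot: The `xappend "--user=dnsmasq"` and `xappend "--group=dnsmasq"` lines now sit inside the absolute-path gate, so an instance whose `confdir` is relative is configured without the explicit privilege-drop options and would presumably fall back to dnsmasq's compiled-in default account. They do not depend on the conf-dir and should move below the closing `}`. The rejected value is also dropped silently, together with any `extraconftext`, so rewriting the gate as an `if`/`else` that reports it, e.g. `logger -t dnsmasq "ignoring non-absolute confdir '$dnsmasqconfdir'"`, would make the misconfiguration visible. A leading `/` does not rule out `..` components, and the `mkdir -p` and `extraconftext` write run with the init script's privileges, so a comment stating that `confdir` is trusted configuration would help. dnsmasq_start begins and continues outside this hunk.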