From: Paul Donald Date: Sun, 7 Apr 2024 12:23:57 +0000 (+0200) Subject: dnsmasq: gate configdir usage behind absolute path check X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=3407269ba593aec49583d036ff1f8745bde330dc;p=openwrt%2Fstaging%2Fxback.git dnsmasq: gate configdir usage behind absolute path check don't use configuration directories which are relative Signed-off-by: Paul Donald Link: https://github.com/openwrt/openwrt/pull/14975 Signed-off-by: Hauke Mehrtens --- diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 451cb674f8..b864ea9069 100755 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -1147,16 +1147,19 @@ dnsmasq_start() # Create a dnsmasq.d dir for each instance config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d" - xappend "--conf-dir=$dnsmasqconfdir" - dnsmasqconfdir="${dnsmasqconfdir%%,*}" - [ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir" - xappend "--user=dnsmasq" - xappend "--group=dnsmasq" - echo >> "$CONFIGFILE_TMP" - - # EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file - config_get extraconftext "$cfg" extraconftext - [ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE" + # Ensure dnsmasqconfdir is an absolute path + [ "${dnsmasqconfdir:0:1}" = '/' ] && { + xappend "--conf-dir=$dnsmasqconfdir" + dnsmasqconfdir="${dnsmasqconfdir%%,*}" + [ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir" + xappend "--user=dnsmasq" + xappend "--group=dnsmasq" + echo >> "$CONFIGFILE_TMP" + + # EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file + config_get extraconftext "$cfg" extraconftext + [ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE" + } config_get_bool enable_tftp "$cfg" enable_tftp 0 [ "$enable_tftp" -gt 0 ] && {