From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 11 Jan 2024 15:11:53 +0000 (+0100)
Subject: wsdd: Securely parse the workgroup name
X-Git-Tag: v2.29-core185~145^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43c2dc9318f5733006388563468ba75e39e8d997;p=ipfire-2.x.git

wsdd: Securely parse the workgroup name

Because of a single variable being passwd with the workgroup, it would
have been possible to inject shell commands here. Passing it in the
array prevents that.

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
---

diff --git a/src/initscripts/packages/wsdd b/src/initscripts/packages/wsdd
index b07fe3ace2..e4ae3d2989 100644
--- a/src/initscripts/packages/wsdd
+++ b/src/initscripts/packages/wsdd
@@ -38,18 +38,20 @@ ARGS=(
 
 	# Only use IPv4
 	"--ipv4only"
+
+	# Configure the workgroup
+	"--workgroup" "$(testparm -s --parameter-name workgroup 2>/dev/null)"
 )
 
 INTERFACES="--interface ${GREEN_DEV}"
 if [ -n "${BLUE_DEV}" ]; then
         INTERFACES="${INTERFACES} --interface ${BLUE_DEV}"
 fi
-WSDD_WORKGROUP="--workgroup $(/usr/bin/testparm -s --parameter-name workgroup 2>/dev/null)"
 
 case "$1" in
 	start)
 		boot_mesg "Starting wsdd daemon..."
-		loadproc -b -p "${PIDFILE}" /usr/bin/wsdd "${ARGS[@]}" ${INTERFACES} ${WSDD_WORKGROUP}
+		loadproc -b -p "${PIDFILE}" /usr/bin/wsdd "${ARGS[@]}" ${INTERFACES}
 		;;
 
 	stop)