From 820ab96c6927c4e3ecbbe2df1342b635cc598ce7 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 26 Feb 2019 10:16:21 +0000 Subject: [PATCH] DHCP: Escape slashes in filename Fixes: #12006 Signed-off-by: Michael Tremer --- html/cgi-bin/dhcp.cgi | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index 3eb5349a9f..82c6b20665 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -1272,7 +1272,7 @@ sub buildconf { print FILE ", " . $dhcpsettings{"WINS2_${itf}"} if ($dhcpsettings{"WINS2_${itf}"}); print FILE ";\n" if ($dhcpsettings{"WINS1_${itf}"}); print FILE "\tnext-server " . $dhcpsettings{"NEXT_${itf}"} . ";\n" if ($dhcpsettings{"NEXT_${itf}"}); - print FILE "\tfilename \"" . $dhcpsettings{"FILE_${itf}"} . "\";\n" if ($dhcpsettings{"FILE_${itf}"}); + print FILE "\tfilename \"" . &EscapeFilename($dhcpsettings{"FILE_${itf}"}) . "\";\n" if ($dhcpsettings{"FILE_${itf}"}); print FILE "\tdefault-lease-time " . ($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} * 60). ";\n"; print FILE "\tmax-lease-time " . ($dhcpsettings{"MAX_LEASE_TIME_${itf}"} * 60) . ";\n"; print FILE "\tallow bootp;\n" if ($dhcpsettings{"ENABLEBOOTP_${itf}"} eq 'on'); @@ -1325,7 +1325,7 @@ sub buildconf { print FILE "\thardware ethernet $temp[0];\n"; print FILE "\tfixed-address $temp[1];\n"; print FILE "\tnext-server $temp[3];\n" if ($temp[3]); - print FILE "\tfilename \"$temp[4]\";\n" if ($temp[4]); + print FILE "\tfilename \"" . &EscapeFilename($temp[4]) . "\";\n" if ($temp[4]); print FILE "\toption root-path \"$temp[5]\";\n" if ($temp[5]); print FILE "}\n"; $key++; @@ -1392,3 +1392,12 @@ sub IsUsedNewOptionDefinition { } return 0; } + +sub EscapeFilename($) { + my $filename = shift; + + # Replace all single / by \/ + $filename =~ s/\//\\\//g; + + return $filename; +} -- 2.39.2