From: Paul Donald Date: Sun, 7 Apr 2024 12:23:57 +0000 (+0200) Subject: dnsmasq: gate configdir usage behind absolute path check X-Git-Tag: v24.10.0-rc1~317 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F14975%2Fhead;p=thirdparty%2Fopenwrt.git dnsmasq: gate configdir usage behind absolute path check don't use configuration directories which are relative Signed-off-by: Paul Donald Link: https://github.com/openwrt/openwrt/pull/14975 Signed-off-by: Hauke Mehrtens --- diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 451cb674f85..b864ea90699 100755 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -1147,16 +1147,19 @@ dnsmasq_start() # Create a dnsmasq.d dir for each instance config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d" - xappend "--conf-dir=$dnsmasqconfdir" - dnsmasqconfdir="${dnsmasqconfdir%%,*}" - [ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir" - xappend "--user=dnsmasq" - xappend "--group=dnsmasq" - echo >> "$CONFIGFILE_TMP" - - # EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file - config_get extraconftext "$cfg" extraconftext - [ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE" + # Ensure dnsmasqconfdir is an absolute path + [ "${dnsmasqconfdir:0:1}" = '/' ] && { + xappend "--conf-dir=$dnsmasqconfdir" + dnsmasqconfdir="${dnsmasqconfdir%%,*}" + [ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir" + xappend "--user=dnsmasq" + xappend "--group=dnsmasq" + echo >> "$CONFIGFILE_TMP" + + # EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file + config_get extraconftext "$cfg" extraconftext + [ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE" + } config_get_bool enable_tftp "$cfg" enable_tftp 0 [ "$enable_tftp" -gt 0 ] && {