From: Michael Tremer
To: development@lists.ipfire.org
CC: Michael Tremer
Subject: [PATCH 3/3] initscripts: readhash: Fix handling = signs
Date: Fri, 6 Dec 2024 16:42:17 +0000
Message-Id: <20241206164217.3840140-3-michael.tremer@ipfire.org>
In-Reply-To: <20241206164217.3840140-1-michael.tremer@ipfire.org>
X-Patchwork-Id: 8302

The function expected that a line only contains exactly one equals sign (=) which is not fit for purpose. In the WireGuard code we hold key material that is encoded in base64 and therefore contains padding that uses =.

This patch fixes that we expect exactly one equals sign immediately after the key and we will then accept more = in the value - which was already permitted.

Furthermore, this patch fixes the splitting of the key and value at the first =.

Signed-off-by: Michael Tremer
---
 src/initscripts/system/functions | 12 +++---------
 .../system/functions/data/2_output_stderr | 8 ++++----
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions index 094e35495..e486cc085 100644 --- a/src/initscripts/system/functions +++ b/src/initscripts/system/functions
@@ -909,21 +909,15 @@ readhash() { continue fi - # Skip lines without a = - if ! [[ ${line} =~ [^=]*=[^=]*$ ]]; then + # Check for a valid key followed by = + if ! [[ ${line} =~ ^[A-Za-z_][A-Za-z0-9_]*= ]]; then echo "Invalid line '${line}'" >&2 continue fi - local key="${line%=*}" + local key="${line%%=*}" local val="${line#*=}" - # Skip lines with an invalid key - if ! [[ ${key} =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then - echo "Invalid key '${key}'" >&2 - continue - fi - # Skip lines with invalid values if ! [[ ${val} =~ ^[\'][\ A-Za-z0-9=/,.:%_@#+-]*[\']$ ]] && ! [[ ${val} =~ ^[A-Za-z0-9=/,.:%_@#+-]*$ ]]; then echo "Invalid value '${val}' for key '${key}'" >&2 diff --git a/tests/src/initscripts/system/functions/data/2_output_stderr b/tests/src/initscripts/system/functions/data/2_output_stderr index 82f035e26..7f4c5a944 100644 --- a/tests/src/initscripts/system/functions/data/2_output_stderr +++ b/tests/src/initscripts/system/functions/data/2_output_stderr @@ -2,8 +2,8 @@ Invalid value '?3' for key 'CONFIG_TYPE' Invalid value 'gree!n0' for key 'GREEN_DEV' Invalid value '00:c0:08:8a :a0:47' for key 'GREEN_MACADDR' Invalid value '"r8175"' for key 'GREEN_DRIVER' -Invalid key '-RED_DEV' -Invalid key 'RE??D_MACADDR' -Invalid key 'RED&&_DRIVER' -Invalid key '0BLUE_DEV' +Invalid line '-RED_DEV=red0' +Invalid line 'RE??D_MACADDR=00:c0:08:8a:a0:56' +Invalid line 'RED&&_DRIVER=r8283' +Invalid line '0BLUE_DEV='blue0 net0'' Invalid line 'Line_without_a_equal_sign_is_also_invalid'
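Review bot: In the readhash() hunk, the rejection path `echo "Invalid line '${line}'" >&2` now also handles lines with a malformed key, so the whole line, value included, is written to stderr where the removed check printed only `Invalid key '${key}'`. The commit message says these files hold WireGuard key material, so a typo in a key name would put the base64 secret into stderr and into whatever log captures it. Consider printing only the part before the first = in that message (for example `${line%%=*}`), or keeping a separate bad-key message that leaves the value out.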
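Review bot: In the 2_output_stderr hunk, the updated expectations only reword the existing rejections, and the diffstat shows no other test file changing, so nothing exercises the case this patch is for. Please add input lines whose value ends in = padding (a constructed base64-style string, both quoted and unquoted) and assert that key and value are split at the first =. A line such as `KEY==value` would also pin down that an extra = directly after the key is accepted as part of the value, which the new `^[A-Za-z_][A-Za-z0-9_]*=` check together with the unchanged value pattern allows.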