diff options
| author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-06 09:42:17 +0000 |
|---|---|---|
| committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-06 09:42:17 +0000 |
| commit | b8fb090c167ff500a8d702f612a42914d4f0bb03 (patch) | |
| tree | 982fe657f91c834bc17d1e81f04672323a2dda1a /misc.h | |
| parent | 0a838de8adf3b06590e73cff6415275d9b1cd4fe (diff) | |
| download | openvpn-b8fb090c167ff500a8d702f612a42914d4f0bb03.tar.gz openvpn-b8fb090c167ff500a8d702f612a42914d4f0bb03.tar.xz openvpn-b8fb090c167ff500a8d702f612a42914d4f0bb03.zip | |
2.1_rc8 and earlier did implicit shell expansion on script
arguments since all scripts were called by system().
The security hardening changes made to 2.1_rc9 no longer
use system(), but rather use the safer execve or CreateProcess
system calls. The security hardening also introduced a
backward incompatibility with 2.1_rc8 and earlier in that
script parameters were no longer shell-expanded, so
for example:
client-connect "docc CLIENT-CONNECT"
would fail to work because execve would try to execute
a script called "docc CLIENT-CONNECT" instead of "docc"
with "CLIENT-CONNECT" as the first argument.
This patch fixes the issue, bringing the script argument
semantics back to pre 2.1_rc9 behavior in order to preserve
backward compatibility while still using execve or CreateProcess
to execute the script/executable.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'misc.h')
| -rw-r--r-- | misc.h | 36 |
1 files changed, 33 insertions, 3 deletions
@@ -221,9 +221,6 @@ bool delete_file (const char *filename); /* return true if pathname is absolute */ bool absolute_pathname (const char *pathname); -/* return the next largest power of 2 */ -unsigned int adjust_power_of_2 (unsigned int u); - /* * Get and store a username/password */ @@ -300,4 +297,37 @@ extern const char *iproute_path; #define SSEC_PW_ENV 3 /* allow calling of built-in programs and user-defined scripts that may receive a password as an environmental variable */ extern int script_security; /* GLOBAL */ +/* return the next largest power of 2 */ +size_t adjust_power_of_2 (size_t u); + +/* + * A printf-like function (that only recognizes a subset of standard printf + * format operators) that prints arguments to an argv list instead + * of a standard string. This is used to build up argv arrays for passing + * to execve. + */ +void argv_init (struct argv *a); +struct argv argv_new (void); +void argv_reset (struct argv *a); +char *argv_term (const char **f); +const char *argv_str (const struct argv *a, struct gc_arena *gc, const unsigned int flags); +struct argv argv_insert_head (const struct argv *a, const char *head); +void argv_msg (const int msglev, const struct argv *a); +void argv_msg_prefix (const int msglev, const struct argv *a, const char *prefix); + +#define APA_CAT (1<<0) /* concatentate onto existing struct argv list */ +void argv_printf_arglist (struct argv *a, const char *format, const unsigned int flags, va_list arglist); + +void argv_printf (struct argv *a, const char *format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))) +#endif + ; + +void argv_printf_cat (struct argv *a, const char *format, ...) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))) +#endif + ; + #endif |