diff options
| author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-06 09:42:17 +0000 |
|---|---|---|
| committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-06 09:42:17 +0000 |
| commit | b8fb090c167ff500a8d702f612a42914d4f0bb03 (patch) | |
| tree | 982fe657f91c834bc17d1e81f04672323a2dda1a /socket.c | |
| parent | 0a838de8adf3b06590e73cff6415275d9b1cd4fe (diff) | |
| download | openvpn-b8fb090c167ff500a8d702f612a42914d4f0bb03.tar.gz openvpn-b8fb090c167ff500a8d702f612a42914d4f0bb03.tar.xz openvpn-b8fb090c167ff500a8d702f612a42914d4f0bb03.zip | |
2.1_rc8 and earlier did implicit shell expansion on script
arguments since all scripts were called by system().
The security hardening changes made to 2.1_rc9 no longer
use system(), but rather use the safer execve or CreateProcess
system calls. The security hardening also introduced a
backward incompatibility with 2.1_rc8 and earlier in that
script parameters were no longer shell-expanded, so
for example:
client-connect "docc CLIENT-CONNECT"
would fail to work because execve would try to execute
a script called "docc CLIENT-CONNECT" instead of "docc"
with "CLIENT-CONNECT" as the first argument.
This patch fixes the issue, bringing the script argument
semantics back to pre 2.1_rc9 behavior in order to preserve
backward compatibility while still using execve or CreateProcess
to execute the script/executable.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'socket.c')
| -rw-r--r-- | socket.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1539,7 +1539,7 @@ ipchange_fmt (const bool include_cmd, struct argv *argv, const struct link_socke const char *ip = print_sockaddr_ex (&info->lsa->actual.dest, NULL, 0, gc); const char *port = print_sockaddr_ex (&info->lsa->actual.dest, NULL, PS_DONT_SHOW_ADDR|PS_SHOW_PORT, gc); if (include_cmd) - argv_printf (argv, "%s %s %s", + argv_printf (argv, "%sc %s %s", info->ipchange_command, ip, port); |