From 673003b8c58fbfe9c6159ea29a175af1faf75076 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in
 get/setfiledetails.  Modified all uses to validate the file name - this was a
 major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/openssl/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 openssl-model.lua | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

(limited to 'openssl-model.lua')

diff --git a/openssl-model.lua b/openssl-model.lua
index 2a02129..07ab963 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -783,21 +783,8 @@ getconfigfile = function()
 end
 
 setconfigfile = function(filedetails)
-	filedetails.value.filename.value = configfile
-	filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "")
-
 	-- validate
-	local success = true
-
-	if success then
-		fs.write_file(configfile, filedetails.value.filecontent.value)
-		filedetails = getconfigfile()
-		config = nil
-	else
-		filedetails.errtxt = "Failed to set configuration file"
-	end
-
-	return filedetails
+	return modelfunctions.setfiledetails(filedetails, {configfile})
 end
 
 checkenvironment = function(set)
-- 
cgit v1.2.3