diff options
| author | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2008-10-07 17:31:24 +0000 |
| commit | 47596652337e32766c2232d52a4a09d6da865ed1 (patch) | |
| tree | 0db7e7f19719a7d7efb5068e84440a379d7f259d /syslog-model.lua | |
| parent | ed1cb667362918a39dd62b7fb77d8da4293d27ae (diff) | |
| download | acf-alpine-baselayout-47596652337e32766c2232d52a4a09d6da865ed1.tar.bz2 acf-alpine-baselayout-47596652337e32766c2232d52a4a09d6da865ed1.tar.xz | |
Modified modelfunctions library to include validation in get/setfiledetails. Modified all uses to validate the file name - this was a major security hole.
git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'syslog-model.lua')
| -rw-r--r-- | syslog-model.lua | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/syslog-model.lua b/syslog-model.lua index 541d541..380b300 100644 --- a/syslog-model.lua +++ b/syslog-model.lua @@ -131,6 +131,25 @@ local validateconfig = function(config) return success, config end +local validate_configfile = function(filedetails) + local success = true + + local configcontent = format.opts_to_table(string.sub((format.parse_ini_file(filedetails.value.filecontent.value, "", "SYSLOGD_OPTS") or ""),2,-2)) + local config = makeconfig(configcontent) + success, config = validateconfig(config) + if not success then + local errormessages = {} + for x,y in pairs(config.value) do + if y.errtxt then + errormessages[#errormessages + 1] = y.label .. " - " .. y.errtxt + end + end + filedetails.value.filecontent.errtxt = table.concat(errormessages, "\n") + end + + return success, filedetails +end + -- ################################################################################ -- PUBLIC FUNCTIONS @@ -199,25 +218,5 @@ function updateconfig (config) end function update_filedetails (filedetails) - -- Validation before writing - filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "") - local configcontent = format.opts_to_table(string.sub((format.parse_ini_file(filedetails.value.filecontent.value, "", "SYSLOGD_OPTS") or ""),2,-2)) - local config = makeconfig(configcontent) - local success, errtxt - success, config = validateconfig(config) - if success == true then - fs.write_file(configfile, filedetails.value.filecontent.value) - filedetails = get_filedetails() - else - local errormessages = {} - for x,y in pairs(config.value) do - if y.errtxt then - errormessages[#errormessages + 1] = y.label .. " - " .. y.errtxt - end - end - filedetails.value.filecontent.errtxt = table.concat(errormessages, "\n") - filedetails.errtxt = "Failed to set configuration" - end - - return filedetails + return modelfunctions.setfiledetails(filedetails, {configfile}, validate_configfile) end |