From 47596652337e32766c2232d52a4a09d6da865ed1 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Tue, 7 Oct 2008 17:31:24 +0000
Subject: Modified modelfunctions library to include validation in
 get/setfiledetails.  Modified all uses to validate the file name - this was a
 major security hole.

git-svn-id: svn://svn.alpinelinux.org/acf/alpine-baselayout/trunk@1542 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 syslog-model.lua | 41 ++++++++++++++++++++---------------------
 1 file changed, 20 insertions(+), 21 deletions(-)

(limited to 'syslog-model.lua')

diff --git a/syslog-model.lua b/syslog-model.lua
index 541d541..380b300 100644
--- a/syslog-model.lua
+++ b/syslog-model.lua
@@ -131,6 +131,25 @@ local validateconfig = function(config)
 	return success, config
 end
 
+local validate_configfile = function(filedetails)
+	local success = true
+
+	local configcontent = format.opts_to_table(string.sub((format.parse_ini_file(filedetails.value.filecontent.value, "", "SYSLOGD_OPTS") or ""),2,-2))
+	local config = makeconfig(configcontent)
+	success, config = validateconfig(config)
+	if not success then
+		local errormessages = {}
+		for x,y in pairs(config.value) do
+			if y.errtxt then
+				errormessages[#errormessages + 1] = y.label .. " - " .. y.errtxt
+			end
+		end
+		filedetails.value.filecontent.errtxt = table.concat(errormessages, "\n")
+	end
+
+	return success, filedetails
+end
+
 -- ################################################################################
 -- PUBLIC FUNCTIONS
 
@@ -199,25 +218,5 @@ function updateconfig (config)
 end
 
 function update_filedetails (filedetails)
-	-- Validation before writing
-	filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "")
-	local configcontent = format.opts_to_table(string.sub((format.parse_ini_file(filedetails.value.filecontent.value, "", "SYSLOGD_OPTS") or ""),2,-2))
-	local config = makeconfig(configcontent)
-	local success, errtxt
-	success, config = validateconfig(config)
-	if success == true then
-		fs.write_file(configfile, filedetails.value.filecontent.value)
-		filedetails = get_filedetails()
-	else
-		local errormessages = {}
-		for x,y in pairs(config.value) do
-			if y.errtxt then
-				errormessages[#errormessages + 1] = y.label .. " - " .. y.errtxt
-			end
-		end
-		filedetails.value.filecontent.errtxt = table.concat(errormessages, "\n")
-		filedetails.errtxt = "Failed to set configuration"
-	end
-
-	return filedetails
+	return modelfunctions.setfiledetails(filedetails, {configfile}, validate_configfile)
 end
-- 
cgit v1.2.3