From 83d10ba08b8cd550196ae14f4f40fdbb72078057 Mon Sep 17 00:00:00 2001
From: Quentin Armitage <quentin@armitage.org.uk>
Date: Thu, 22 Mar 2018 16:54:54 +0000
Subject: [PATCH] Fix vrrp_script and check_misc scripts of type
Issue #817 identified that these types of "scripts" no longer worked.
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
---
keepalived/check/check_misc.c | 8 ++++++++
keepalived/vrrp/vrrp.c | 7 +++++++
2 files changed, 15 insertions(+)
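diff --git a/keepalived/check/check_misc.c b/keepalived/check/check_misc.c
index ccb9b63b..7d7e740b 100644
--- a/keepalived/check/check_misc.c
+++ b/keepalived/check/check_misc.c
@@ -149,6 +149,14 @@ check_misc_script_security(void)
 continue;
 
 misc_script = CHECKER_ARG(checker);
+
+ /* If the misc check script starts "</" (possibly with white space between
+ * the '<' and '/'), it is checking for a file being openable,
+ * so it won't be executed */
+ if (misc_script->path[0] == '<' &&
+ misc_script->path[strspn(misc_script->path + 1, " \t") + 1] == '/')
+ return 0;
+
 script.name = misc_script->path;
 script.uid = misc_script->uid;
 script.gid = misc_script->gid;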
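Review bot: The added `return 0;` follows a `continue;`, so this code appears to sit inside a loop over checkers (the loop header and the function's final return are outside the hunk). If so, the first `</file` entry ends check_misc_script_security early, leaving every later MISC_CHECK script without the security check and discarding any flags already collected for earlier ones. Skipping only the current entry with `continue;` in place of `return 0;` would keep the rest of the list checked. The same prefix test is copied into check_track_script_secure in vrrp.c, where a plain return is fine because that function handles one script; a small shared helper would stop the two copies drifting apart.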
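diff --git a/keepalived/vrrp/vrrp.c b/keepalived/vrrp/vrrp.c
index 3d2bfe41..c18a8d17 100644
--- a/keepalived/vrrp/vrrp.c
+++ b/keepalived/vrrp/vrrp.c
@@ -149,6 +149,13 @@ check_track_script_secure(tracked_sc_t *script)
 if (script->scr->insecure)
 return 0;
 
+ /* If the track script starts "</" (possibly with white space between
+ * the '<' and '/'), it is checking for a file being openable,
+ * so it won't be executed */
+ if (script->scr->script[0] == '<' &&
+ script->scr->script[strspn(script->scr->script + 1, " \t") + 1] == '/')
+ return 0;
+
 ns.name = script->scr->script;
 ns.uid = script->scr->uid;
 ns.gid = script->scr->gid;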
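Review bot: The exemption is decided from the leading `<`, optional blanks and `/` alone, so the rest of `script->scr->script` is never examined before `return 0;` skips the ownership and permission check. The comment says such an entry "won't be executed", but how the string is later launched is outside this hunk. If anything after the file name can still reach a shell or exec path, that text would run without having been vetted. It would be safer to also require that nothing but the path follows the `<`, or at least to extend the comment to name the code that handles `</file` entries, so the assumption can be audited. check_track_script_secure continues past the end of the hunk.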
--
2.21.0