From 83d10ba08b8cd550196ae14f4f40fdbb72078057 Mon Sep 17 00:00:00 2001

From: Quentin Armitage <quentin@armitage.org.uk>

Date: Thu, 22 Mar 2018 16:54:54 +0000

Subject: [PATCH] Fix vrrp_script and check_misc scripts of type

Issue #817 identified that these types of "scripts" no longer worked.

Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>

---

 keepalived/check/check_misc.c | 8 ++++++++

 keepalived/vrrp/vrrp.c        | 7 +++++++

 2 files changed, 15 insertions(+)

diff --git a/keepalived/check/check_misc.c b/keepalived/check/check_misc.c

index ccb9b63b..7d7e740b 100644

--- a/keepalived/check/check_misc.c

+++ b/keepalived/check/check_misc.c

@@ -149,6 +149,14 @@ check_misc_script_security(void)

 			continue;

 		misc_script = CHECKER_ARG(checker);

+

+		/* If the misc check script starts "</" (possibly with white space between

+		 * the '<' and '/'), it is checking for a file being openable,

+		 * so it won't be executed */

+		if (misc_script->path[0] == '<' &&

+		    misc_script->path[strspn(misc_script->path + 1, " \t") + 1] == '/')

+			return 0;

+

 		script.name = misc_script->path;

 		script.uid = misc_script->uid;

 		script.gid = misc_script->gid;

diff --git a/keepalived/vrrp/vrrp.c b/keepalived/vrrp/vrrp.c

index 3d2bfe41..c18a8d17 100644

--- a/keepalived/vrrp/vrrp.c

+++ b/keepalived/vrrp/vrrp.c

@@ -149,6 +149,13 @@ check_track_script_secure(tracked_sc_t *script)

 	if (script->scr->insecure)

 		return 0;

+	/* If the track script starts "</" (possibly with white space between

+	 * the '<' and '/'), it is checking for a file being openable,

+	 * so it won't be executed */

+	if (script->scr->script[0] == '<' &&

+	    script->scr->script[strspn(script->scr->script + 1, " \t") + 1] == '/')

+		return 0;

+

 	ns.name = script->scr->script;

 	ns.uid = script->scr->uid;

 	ns.gid = script->scr->gid;

-- 

2.21.0