diff options
| author | Richard Weinberger <richard@nod.at> | 2021-09-13 23:55:46 +0200 |
|---|---|---|
| committer | Richard Weinberger <richard@nod.at> | 2021-09-13 23:55:46 +0200 |
| commit | b51e5e07baeff46502624ed4a7c7f0bab7f0580e (patch) | |
| tree | e8a54d306a5a81de6f4de9c3a5a357937215a34e | |
| parent | d0e75315ac9df3b8b371184c0ec222c32a09986d (diff) | |
| download | misc-kconfig_escape.tar.gz | |
kconfig: Deny command substitution in string valueskconfig_escape
The post processed .config file will get included in shell
and makefiles. So make sure that a string does not contain
symbols that allow command substitution.
If such a malformed string is found, return empty string
and report it.
Signed-off-by: Richard Weinberger <richard@nod.at>
| -rw-r--r-- | scripts/kconfig/symbol.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c index 4a31bb943f794d..1035ecdddc994e 100644 --- a/scripts/kconfig/symbol.c +++ b/scripts/kconfig/symbol.c @@ -880,6 +880,11 @@ const char *sym_escape_string(struct symbol *sym) in = sym_get_string_value(sym); + if (strspn(in, "`$")) { + fprintf(stderr, "%s: invalid characters in string found\n", sym->name); + return xstrdup("\"\""); + } + reslen = strlen(in) + strlen("\"\"") + 1; p = in; |