bsdinstall: Avoid invoking eval on the wlan SSID list
The wlanconfig utility is not careful about handling untrusted network names, which can contain shell metacharacters. Factor network selection into a subroutine and use the `set -- "$@"` trick to build up a list of positional parameters for bsddialog without evaluating them. Approved by: so Security: FreeBSD-SA-26:23.bsdinstall Security: CVE-2026-45255 Reported by: Austin Ralls Reviewed by: dteske, des, asiciliano Differential Revision: https://reviews.freebsd.org/D56973
@@ -147,6 +147,34 @@ dialog_country_select()
|
||||
country_set "$regdomain" "$country"
|
||||
}
|
||||
|
||||
dialog_network_select()
|
||||
{
|
||||
local ssid flags height width rows prompt
|
||||
|
||||
# Avoid using eval on untrusted data.
|
||||
set --
|
||||
while IFS=$'\t' read -r ssid flags; do
|
||||
[ -n "$ssid" ] || continue
|
||||
set -- "$@" "$ssid" "$flags"
|
||||
done <<EOF
|
||||
$NETWORKS
|
||||
EOF
|
||||
|
||||
f_dialog_title "Network Selection"
|
||||
prompt="Select a wireless network to connect to."
|
||||
f_dialog_menu_size height width rows \
|
||||
"$DIALOG_TITLE" "$DIALOG_BACKTITLE" "$prompt" "" "$@"
|
||||
$DIALOG \
|
||||
--title "$DIALOG_TITLE" \
|
||||
--backtitle "$DIALOG_BACKTITLE" \
|
||||
--extra-button \
|
||||
--extra-label "Rescan" \
|
||||
--menu "$prompt" \
|
||||
$height $width $rows \
|
||||
"$@" \
|
||||
2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
|
||||
}
|
||||
|
||||
############################################################ MAIN
|
||||
|
||||
: > "$BSDINSTALL_TMPETC/wpa_supplicant.conf"
|
||||
@@ -213,27 +241,14 @@ while :; do
|
||||
|
||||
f_eval_catch -dk SCAN_RESULTS wlanconfig wpa_cli "wpa_cli scan_results"
|
||||
NETWORKS=$( echo "$SCAN_RESULTS" | awk -F '\t' '
|
||||
/..:..:..:..:..:../ && $5 { printf "\"%s\"\t\"%s\"\n", $5, $4 }
|
||||
/..:..:..:..:..:../ && $5 { print $5 "\t" $4 }
|
||||
' | sort | uniq )
|
||||
|
||||
if [ ! "$NETWORKS" ]; then
|
||||
f_dialog_title "$msg_error"
|
||||
f_yesno "No wireless networks were found. Rescan?" && continue
|
||||
else
|
||||
f_dialog_title "Network Selection"
|
||||
prompt="Select a wireless network to connect to."
|
||||
f_dialog_menu_size height width rows "$DIALOG_TITLE" \
|
||||
"$DIALOG_BACKTITLE" "$prompt" "" $NETWORKS
|
||||
NETWORK=$( eval $DIALOG \
|
||||
--title \"\$DIALOG_TITLE\" \
|
||||
--backtitle \"\$DIALOG_BACKTITLE\" \
|
||||
--extra-button \
|
||||
--extra-label \"Rescan\" \
|
||||
--menu \"\$prompt\" \
|
||||
$height $width $rows \
|
||||
$NETWORKS \
|
||||
2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
|
||||
)
|
||||
NETWORK=$( dialog_network_select )
|
||||
fi
|
||||
retval=$?
|
||||
f_dialog_data_sanitize NETWORK
|
||||
@@ -270,7 +285,7 @@ while :; do
|
||||
done
|
||||
|
||||
[ "$ENCRYPTION" ] || ENCRYPTION=$( echo "$NETWORKS" |
|
||||
awk -F '\t' "/^\"$NETWORK\"\t/ { print \$2 }" )
|
||||
awk -F '\t' "/^$NETWORK\t/ { print \$2 }" )
|
||||
|
||||
if echo "$ENCRYPTION" | grep -q PSK; then
|
||||
PASS=$( $DIALOG \
|
||||
|
||||
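Review bot: In the last hunk the selected SSID is still expanded by the shell into the awk program text, `awk -F '\t' "/^$NETWORK\t/ { print \$2 }"` (the second of the two printed forms, which appears to be the new side). A network name containing `/` or regex metacharacters is therefore parsed as awk syntax rather than compared as data, which is the same class of problem this commit removes from the `eval $DIALOG` call. Passing the name through the environment and comparing the field exactly avoids both the parsing and the false matches or misses: `SSID="$NETWORK" awk -F '\t' '$1 == ENVIRON["SSID"] { print $2 }'`. `ENVIRON` is preferable to `-v` here because `-v` assignments undergo backslash-escape processing. The enclosing `while :; do` loop begins and ends outside the visible hunks and `f_dialog_data_sanitize` is not shown, so whether it already constrains `NETWORK` should be confirmed.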