src/usr.sbin/bsdconfig
Mark Johnston 2afb4c979f bsdconfig: Make sure that SSID names are properly escaped
The f_menu_wpa_scan_results() function returns a list of networks
discovered by a scan.  The untrusted network names are evaluated in
f_dialog_menu_wireless_edit.  The quoting applied in
f_menu_wpa_scan_results() protects against evaluation of something like
"$(whoami)" but one can add single quotes to defeat that.

Pass the SSID names through f_shell_escape to work around this.  Escape
single quotes in f_dialog_wireless_edit() and f_menu_wireless_configs()
too for consistency.

I note that this module doesn't seem to actually work, see e.g.,
bugzilla PR 229883.

Approved by:	so
Security:	FreeBSD-SA-26:23.bsdinstall
Security:	CVE-2026-45255
Reported by:	Austin Ralls
Reviewed by:	dteske, des
Differential Revision:	https://reviews.freebsd.org/D56974
2026-05-20 19:34:51 +00:00
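
The quoting failure described in the commit message, as an added example that is not part of the commit or of bsdconfig's code. `escape_sq`, `store_naive`, `store_escaped`, `demo` and both sample SSIDs are hypothetical names and constructed values; `escape_sq` stands in for `f_shell_escape`, whose implementation is not shown on this page.

```shell
#!/bin/sh
# Hypothetical stand-in for f_shell_escape: rewrite every ' as '\'' so the
# value can sit between single quotes in a string that is later eval'd.
escape_sq() {
    printf '%s' "$1" | sed "s/'/'\\\\''/g"
}

# Pre-fix pattern: wrap the untrusted name in single quotes, then eval.
store_naive() {
    eval "ssid='$1'"
}

# Post-fix pattern: escape embedded single quotes before wrapping.
store_escaped() {
    eval "ssid='$(escape_sq "$1")'"
}

# Run one store function ($1) on one SSID ($2) and report whether the
# marker variable changed and what ended up in ssid: "<injected>|<ssid>".
demo() {
    injected=no
    ssid=
    "$1" "$2"
    printf '%s|%s\n' "$injected" "$ssid"
}

# Constructed sample SSIDs (harmless: the worst they do is set a variable).
CMD_SSID='$(echo x)'                   # held as data by single quotes alone
QUOTE_SSID="cafe'; injected=yes; : '"  # closes the quote early

for fn in store_naive store_escaped; do
    for s in "$CMD_SSID" "$QUOTE_SSID"; do
        printf '%-14s %s\n' "$fn" "$(demo "$fn" "$s")"
    done
done
```

Only the SSID containing single quotes distinguishes the two functions: under `store_naive` the marker flips to `yes` and the stored name is truncated, while `store_escaped` stores the name byte for byte.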