2afb4c979f
The f_menu_wpa_scan_results() function returns a list of networks discovered by a scan. The untrusted network names are evaluated in f_dialog_menu_wireless_edit. The quoting applied in f_menu_wpa_scan_results() protects against evaluation of something like "$(whoami)" but one can add single quotes to defeat that. Pass the SSID names through f_shell_escape to work around this. Escape single quotes in f_dialog_wireless_edit() and f_menu_wireless_configs() too for consistency. I note that this module doesn't seem to actually work, see e.g., bugzilla PR 229883. Approved by: so Security: FreeBSD-SA-26:23.bsdinstall Security: CVE-2026-45255 Reported by: Austin Ralls Reviewed by: dteske, des Differential Revision: https://reviews.freebsd.org/D56974