Bug #1781
OpenNebula core should generate context file sh-syntax secure
| Status: | Closed | Start date: | 02/25/2013 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Ruben S. Montero | % Done: | 0% | |
| Category: | Core & System | |||
| Target version: | Release 4.2 | |||
| Resolution: | fixed | Pull request: | ||
| Affected Versions: | OpenNebula 3.8 |
Description
OpenNebula should use single quotes for context values, message from the mailing list:
Hi, I just found, that if context.sh variables contains character $ in value, then it is interpreted as variable name. As a workaround (partial) I put sed -e "s/=\"/='/" -e "s/\"$/'/" < /mnt/context.sh > /tmp/context.sh . /tmp/context.sh rm /tmp/context.sh into my init.sh. Probably it would be better to escape $ and other characters in values or put values to single quotes (what makes difficult to pass single quotes itself in values also). Regards, Rolandas Naujikas ________________________
Associated revisions
bug #1781: Replaces " by ' and escape ' using '\''. context.sh should be now sh-syntax secure
bug #1781: Replaces " by ' and escape ' using '\''. context.sh should be now sh-syntax secure
(cherry picked from commit 306aff89060a274ad402412639dda1302abd0055)
History
#1
Updated by Ruben S. Montero over 8 years ago
- Target version changed from Release 4.0 to Release 4.2
#2
Updated by Ruben S. Montero about 8 years ago
- Category set to Core & System
#3
Updated by Ruben S. Montero about 8 years ago
- Target version deleted (
Release 4.2)
#4
Updated by Ruben S. Montero about 8 years ago
- Target version set to Release 4.2
#5
Updated by Ruben S. Montero about 8 years ago
- Status changed from New to Closed
- Assignee set to Ruben S. Montero
- Resolution set to fixed
Now context.sh is generated as:
VARIABLE='VALUE'
VALUE string is scanned and every occurrence of ' in VALUE is replaced by '\''