diff options
| author | Daniil Baturin <daniil@vyos.io> | 2020-06-19 02:11:21 +0300 |
|---|---|---|
| committer | Daniil Baturin <daniil@vyos.io> | 2020-06-19 02:13:23 +0300 |
| commit | 3f84c582f966f83d86cf066328eeced4704d63a4 (patch) | |
| tree | 4ccab777c811fd8b48dbb704c1461dc6360ef0af | |
| parent | 581224a42995dcb68cb0f489ac446fe7655e5557 (diff) | |
| download | vyos-utils-3f84c582f966f83d86cf066328eeced4704d63a4.tar.gz vyos-utils-3f84c582f966f83d86cf066328eeced4704d63a4.zip | |
T1901: quote the value to avoid having the shell interpret anything as a part of the command.
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rw-r--r-- | src/validate_value.ml | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 298b33d..e0ac2fa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyos-utils (0.0.3) unstable; urgency=medium + + * Quote values properly (T1901). + + -- Daniil Baturin <daniil@vyos.io> Fri, 19 Jun 2020 02:12:22 +0300 + vyos-utils (0.0.2) unstable; urgency=medium * Fixed an invalid argument bug in the --non-negative option. diff --git a/src/validate_value.ml b/src/validate_value.ml index 3af58e0..250f9f1 100644 --- a/src/validate_value.ml +++ b/src/validate_value.ml @@ -11,7 +11,7 @@ let validate_value value_constraint value = especially when the input comes directly from the user... We should do something about it. *) - let result = Unix.system (Printf.sprintf "%s %s" c value) in + let result = Unix.system (Printf.sprintf "%s \'%s\'" c value) in match result with | Unix.WEXITED 0 -> true | Unix.WEXITED 127 -> |