Merged revisions 219061 via svnmerge from

https://origsvn.digium.com/svn/asterisk/trunk

................
  r219061 | tilghman | 2009-09-16 18:42:12 -0500 (Wed, 16 Sep 2009) | 15 lines
  
  Merged revisions 219023 via svnmerge from 
  https://origsvn.digium.com/svn/asterisk/branches/1.4
  
  ........
    r219023 | tilghman | 2009-09-16 18:21:53 -0500 (Wed, 16 Sep 2009) | 8 lines
    
    Properly deal with quotes in the arguments of '#exec' includes.
    (closes issue #15583)
     Reported by: pkempgen
     Patches: 
           20090726__issue15583.diff.txt uploaded by tilghman (license 14)
           20090726__issue15583-1.4-4.diff.txt uploaded by pkempgen (license 169)
     Tested by: pkempgen
  ........
................


git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.0@219064 f38db490-d61c-443f-a65b-d21fe96a405b

2 files changed, 53 insertions, 38 deletions

diff --git a/configs/extensions.conf.sample b/configs/extensions.conf.sample
index 7586de65e..bcc6fe388 100644
--- a/configs/extensions.conf.sample
+++ b/configs/extensions.conf.sample
@@ -106,6 +106,8 @@ clearglobalvars=no
 ; that includes contexts within other contexts. The #include command works
 ; in all asterisk configuration files.
 ;#include "filename.conf"
+;#include <filename.conf>
+;#include filename.conf
 ;
 ; You can execute a program or script that produces config files, and they
 ; will be inserted where you insert the #exec command. The #exec command 
@@ -113,6 +115,9 @@ clearglobalvars=no
 ; activate them within asterisk.conf with the "execincludes" option.  They
 ; are otherwise considered a security risk.
 ;#exec /opt/bin/build-extra-contexts.sh
+;#exec /opt/bin/build-extra-contexts.sh --foo="bar"
+;#exec </opt/bin/build-extra-contexts.sh --foo="bar">
+;#exec "/opt/bin/build-extra-contexts.sh --foo=\"bar\""
 ;
 
 ; The "Globals" category contains global variables that can be referenced
diff --git a/main/config.c b/main/config.c
index c79b0ef23..a933b3fbe 100644
--- a/main/config.c
+++ b/main/config.c
@@ -1033,45 +1033,55 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 			return 0;	/* XXX is this correct ? or we should return -1 ? */
 		}
 
-				/* Strip off leading and trailing "'s and <>'s */
-				while ((*c == '<') || (*c == '>') || (*c == '\"')) c++;
-				/* Get rid of leading mess */
-				cur = c;
-				cur2 = cur;
-				while (!ast_strlen_zero(cur)) {
-					c = cur + strlen(cur) - 1;
-					if ((*c == '>') || (*c == '<') || (*c == '\"'))
-						*c = '\0';
-					else
-						break;
-				}
-				/* #exec </path/to/executable>
-				   We create a tmp file, then we #include it, then we delete it. */
-				if (!do_include) {
-					struct timeval tv = ast_tvnow();
-					if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
-						config_cache_attribute(configfile, ATTRIBUTE_EXEC, NULL, who_asked);
-					snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d%d.%ld", (int)tv.tv_sec, (int)tv.tv_usec, (long)pthread_self());
-					snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file);
-					ast_safe_system(cmd);
-					cur = exec_file;
-				} else {
-					if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
-						config_cache_attribute(configfile, ATTRIBUTE_INCLUDE, cur, who_asked);
-					exec_file[0] = '\0';
+		cur = c;
+		/* Strip off leading and trailing "'s and <>'s */
+		if (*c == '"') {
+			/* Dequote */
+			while (*c) {
+				if (*c == '"') {
+					strcpy(c, c + 1); /* SAFE */
+					c--;
+				} else if (*c == '\\') {
+					strcpy(c, c + 1); /* SAFE */
 				}
-				/* A #include */
-				/* record this inclusion */
-				inclu = ast_include_new(cfg, cfg->include_level == 1 ? "" : configfile, cur, !do_include, cur2, lineno, real_inclusion_name, sizeof(real_inclusion_name));
-
-				do_include = ast_config_internal_load(cur, cfg, flags, real_inclusion_name, who_asked) ? 1 : 0;
-				if (!ast_strlen_zero(exec_file))
-					unlink(exec_file);
-				if (!do_include) {
-					ast_log(LOG_ERROR, "The file '%s' was listed as a #include but it does not exist.\n", cur);
-					return -1;
-				}
-				/* XXX otherwise what ? the default return is 0 anyways */
+				c++;
+			}
+		} else if (*c == '<') {
+			/* C-style include */
+			if (*(c + strlen(c) - 1) == '>') {
+				cur++;
+				*(c + strlen(c) - 1) = '\0';
+			}
+		}
+		cur2 = cur;
+
+		/* #exec </path/to/executable>
+		   We create a tmp file, then we #include it, then we delete it. */
+		if (!do_include) {
+			struct timeval tv = ast_tvnow();
+			if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
+				config_cache_attribute(configfile, ATTRIBUTE_EXEC, NULL, who_asked);
+			snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d%d.%ld", (int)tv.tv_sec, (int)tv.tv_usec, (long)pthread_self());
+			snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file);
+			ast_safe_system(cmd);
+			cur = exec_file;
+		} else {
+			if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
+				config_cache_attribute(configfile, ATTRIBUTE_INCLUDE, cur, who_asked);
+			exec_file[0] = '\0';
+		}
+		/* A #include */
+		/* record this inclusion */
+		inclu = ast_include_new(cfg, cfg->include_level == 1 ? "" : configfile, cur, !do_include, cur2, lineno, real_inclusion_name, sizeof(real_inclusion_name));
+
+		do_include = ast_config_internal_load(cur, cfg, flags, real_inclusion_name, who_asked) ? 1 : 0;
+		if (!ast_strlen_zero(exec_file))
+			unlink(exec_file);
+		if (!do_include) {
+			ast_log(LOG_ERROR, "The file '%s' was listed as a #include but it does not exist.\n", cur);
+			return -1;
+		}
+		/* XXX otherwise what ? the default return is 0 anyways */
 
 	} else {
 		/* Just a line (variable = value) */