From a4ba40ed053eeace7aeec7ea7677cfe4ab6b1af2 Mon Sep 17 00:00:00 2001
From: tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>
Date: Wed, 16 Sep 2009 23:21:53 +0000
Subject: Properly deal with quotes in the arguments of '#exec' includes.
 (closes issue #15583)  Reported by: pkempgen  Patches:       
 20090726__issue15583.diff.txt uploaded by tilghman (license 14)       
 20090726__issue15583-1.4-4.diff.txt uploaded by pkempgen (license 169) 
 Tested by: pkempgen

git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@219023 f38db490-d61c-443f-a65b-d21fe96a405b
---
 main/config.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

(limited to 'main/config.c')

diff --git a/main/config.c b/main/config.c
index 4fc929c6f..21a569dfc 100644
--- a/main/config.c
+++ b/main/config.c
@@ -717,16 +717,25 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 		}
 		if (do_include || do_exec) {
 			if (c) {
-				/* Strip off leading and trailing "'s and <>'s */
-				while((*c == '<') || (*c == '>') || (*c == '\"')) c++;
-				/* Get rid of leading mess */
 				cur = c;
-				while (!ast_strlen_zero(cur)) {
-					c = cur + strlen(cur) - 1;
-					if ((*c == '>') || (*c == '<') || (*c == '\"'))
-						*c = '\0';
-					else
-						break;
+				/* Strip off leading and trailing "'s and <>'s */
+				if (*c == '"') {
+					/* Dequote */
+					while (*c) {
+						if (*c == '"') {
+							strcpy(c, c + 1); /* SAFE */
+							c--;
+						} else if (*c == '\\') {
+							strcpy(c, c + 1); /* SAFE */
+						}
+						c++;
+					}
+				} else if (*c == '<') {
+					/* C-style include */
+					if (*(c + strlen(c) - 1) == '>') {
+						cur++;
+						*(c + strlen(c) - 1) = '\0';
+					}
 				}
 				/* #exec </path/to/executable>
 				   We create a tmp file, then we #include it, then we delete it. */
-- 
cgit v1.2.3