git.proxmox.com Git - swtpm.git/commitdiff
swtpm-localca: Cleanse variable before running eval on it
author Stefan Berger <stefanb@linux.vnet.ibm.com>
Sun, 27 May 2018 22:30:38 +0000 (18:30 -0400)
committer Stefan Berger <stefanb@linux.vnet.ibm.com>
Tue, 7 Aug 2018 16:19:47 +0000 (12:19 -0400)
Cleanse the tmp variable before running eval on it. This is to prevent
execution of commands that are hidden in variable values read from a config
file. We only need to resolve the values of variables and don't want
the execution of a subshell command initiated by either $(...) or `...`.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
samples/swtpm-localca

index 35dab41bf2704e95f2f9106e4f9769bdc7800d7c..f07e35f3c0761203a55b885f224e75faf8adf405 100755 (executable)
@@ -90,6 +90,9 @@ get_config_value() {
                        return 1
                fi
        else
+               # don't let eval execute subshells: removed '`' and
+               # convert '$(' to '('
+               tmp=$(echo "$tmp" | sed -e 's/\$(/(/g' -e 's/`\(.*\)`/\1/g')
                echo $(eval echo "$tmp")
        fi
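Review bot: the sed filter added ahead of `eval echo "$tmp"` is a denylist covering only `$(` and paired backticks, so eval still parses every other shell construct in the config value, including `;`, `|`, `&` and redirections. Since the commit message says only variable values need resolving, consider dropping eval here and expanding `$NAME` / `${NAME}` references explicitly, or rejecting any value containing characters outside an allowlist before it reaches this line. Two smaller points on the same added line: the backtick expression `s/`\(.*\)`/\1/g` matches only a pair on one line, so a single unpaired backtick passes through unchanged, and `echo "$tmp" |` can misread values beginning with `-n` or `-e`, where `printf '%s\n' "$tmp"` would not. The comment also reads "removed" where "remove" is meant.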