From: Dirk Brenken Date: Wed, 17 Jun 2026 18:58:27 +0000 (+0200) Subject: travelmate: update 2.4.6-2 X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=0627b412ee3a760cc4bca9fc8a5b73de8f33ac10;p=openwrt-packages.git travelmate: update 2.4.6-2 harden captive portal auto-login script handling: * enforce the login-script allowlist in the backend instead of the LuCI frontend only: canonicalize the configured path via 'readlink -f' (defeats ../ traversal and symlink-to-interpreter tricks) and require a regular, executable /etc/travelmate/*.login file before running it * run the script in a noglob subshell ('set -f') so attacker-influenceable script_args can no longer expand globs into the trusted script; field splitting (multiple args) is preserved * writing into /etc/travelmate/ is not covered by the luci-app-travelmate ACL, so this limits the root-executed script to admin-placed login scripts and closes a delegated-ACL to root command execution path. Signed-off-by: Dirk Brenken
---
diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile
index ef0fc4738..71ca99568 100644
--- a/net/travelmate/Makefile
+++ b/net/travelmate/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=travelmate
 PKG_VERSION:=2.4.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken
diff --git a/net/travelmate/files/travelmate-functions.sh b/net/travelmate/files/travelmate-functions.sh
index 5904bc16a..b72e89163 100644
--- a/net/travelmate/files/travelmate-functions.sh
+++ b/net/travelmate/files/travelmate-functions.sh
@@ -962,16 +962,29 @@ f_check() {
 uci_add_list "dhcp" "@dnsmasq[0]" "rebind_domain" "${cp_domain}"
 [ -n "$(uci -q changes "dhcp")" ] && uci_commit "dhcp"
 /etc/init.d/dnsmasq reload
- f_log "info" "captive portal domain '${cp_domain}' added to to dhcp rebind whitelist"
+ f_log "info" "captive portal domain '${cp_domain}' added to dhcp rebind allowlist"
 result="$(f_net)"
 done
 if [ -n "${cp_domain}" ]; then
 trm_connection="${result:-"-"}/${ifquality}"
 f_genstatus
 login_script="$(f_getval "script")"
- if [ -x "${login_script}" ]; then
+ if [ -n "${login_script}" ]; then
+ login_script="$(readlink -f "${login_script}" 2>/dev/null)"
+ case "${login_script}" in
+ /etc/travelmate/*.login) ;;
+ *)
+ f_log "info" "captive portal login script rejected"
+ login_script=""
+ ;;
+ esac
+ fi
+ if [ -f "${login_script}" ] && [ -x "${login_script}" ]; then
 login_script_args="$(f_getval "script_args")"
- "${login_script}" ${login_script_args} >/dev/null 2>&1
+ (
+ set -f
+ exec "${login_script}" ${login_script_args} >/dev/null 2>&1
+ )
 rc="${?}"
 f_log "info" "captive portal login script for '${cp_domain}' has been finished with rc '${rc}'"
 if [ "${rc}" = "0" ]; then
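Review bot: The reject arm of the new `case` logs only `captive portal login script rejected`, so the message carries neither the configured value nor the resolved path, and the configured value is already gone because `login_script` was overwritten with the `readlink -f` output. A rejection is the one signal that the `script` option was pointed outside /etc/travelmate/, so keeping the raw value (`login_script_cfg="$(f_getval "script")"`) and logging `"captive portal login script '${login_script_cfg}' rejected (resolved: '${login_script:-"-"}')"` would make it usable for triage and would separate a missing file (empty `readlink` result) from an allowlist miss. Separately, `*` in a `case` pattern also matches `/`, so `/etc/travelmate/*.login` accepts files at any depth below /etc/travelmate/; if only top-level scripts are intended, that needs an explicit reject arm for `/etc/travelmate/*/*` ahead of the accept arm. `set -f` stops globbing but `script_args` still reaches the script as separate words, so a one-line comment above the subshell saying login scripts must treat their arguments as untrusted would document the remaining boundary. f_check's body starts and ends outside this hunk.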