From 000a27ffc3f239b457487f5db479d1e7282e3ad5 Mon Sep 17 00:00:00 2001
From: P. J. McDermott <pjm@nac.net>
Date: Fri, 26 Oct 2012 02:25:59 -0400
Subject: Validate substvar names.

---
(limited to 'lib')

diff --git a/lib/control.sh b/lib/control.sh
index 04a0cba..746863e 100644
--- a/lib/control.sh
+++ b/lib/control.sh
@@ -157,6 +157,15 @@ ob_set_substvar()
 		return ${?}
 	fi
 
+	# Convert variable name to uppercase and validate.
+	_obssv_name="$(echo "${_obssv_name}" | tr 'a-z-' 'A-Z_')"
+	case "${_obssv_name:- }" in
+		*[!A-Z0-9_]*)
+			_ob_return 125
+			return ${?}
+			;;
+	esac
+
 	# Trim leading and trailing whitespace from value.
 	_obssv_value="$(echo "${_obssv_value}" | sed -n '
 		H;                # Store each input line in the hold space.
@@ -168,7 +177,6 @@ ob_set_substvar()
 		};
 		')"
 
-	_obssv_name="$(echo "${_obssv_name}" | tr 'a-z-' 'A-Z_')"
 	eval "_OB_SUBSTVAR_${_obssv_name}='${_obssv_value}'"
 
 	_ob_return 125
--
cgit v0.9.1