The post processed .config file will get included in shell and makefiles. So make sure that a string does not contain symbols that allow command substitution. If such a malformed string is found, return empty string and report it. Signed-off-by: Richard Weinberger <richard@xxxxxx> --- scripts/kconfig/symbol.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c index 4a31bb943f79..1035ecdddc99 100644 --- a/scripts/kconfig/symbol.c +++ b/scripts/kconfig/symbol.c @@ -880,6 +880,11 @@ const char *sym_escape_string(struct symbol *sym) in = sym_get_string_value(sym); + if (strspn(in, "`$")) { + fprintf(stderr, "%s: invalid characters in string found\n", sym->name); + return xstrdup("\"\""); + } + reslen = strlen(in) + strlen("\"\"") + 1; p = in; -- 2.26.2
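Review bot: the strspn(in, "`$") test added to sym_escape_string() only rejects strings that begin with a backtick or a dollar sign. strspn() returns the length of the leading run of characters taken from the set, so a value that carries one of these characters anywhere after the first position yields 0 and still reaches the escaping code below. To match what the commit message says ("does not contain symbols"), search the whole string, for example with if (strpbrk(in, "`$")) or by testing in[strcspn(in, "`$")] != '\0'. A smaller point on the fprintf() line: the message would be easier to act on if it named the rejected characters, and since the function then returns an empty quoted string, it is worth stating in the commit message or a comment that the build continues with the value silently replaced.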