From bbac9ca958c73fd08b4691ea40067d1cc3ac275a Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Wed, 9 Nov 2022 22:02:46 +0100 Subject: [PATCH] Conf: Make 'configure check' command restricted While it does not directly change BIRD state, it can trigger reading arbitrary files and eating significant memory. --- sysdep/unix/main.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sysdep/unix/main.c b/sysdep/unix/main.c index 18cc091f..18fd4e44 100644 --- a/sysdep/unix/main.c +++ b/sysdep/unix/main.c @@ -282,6 +282,9 @@ cmd_read_config(const char *name) void cmd_check_config(const char *name) { + if (cli_access_restricted()) + return; + struct config *conf = cmd_read_config(name); if (!conf) return;