From 5cd5fff78de11178c51ca245ff5de61a86b85049 Mon Sep 17 00:00:00 2001
From: Quentin Armitage <quentin@armitage.org.uk>
Date: Thu, 22 Mar 2018 16:54:54 +0000
Subject: [PATCH] Fix vrrp_script and check_misc scripts of type
 </dev/tcp/127.0.0.1/80

Issue #817 identified that these types of "scripts" no longer worked.

Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>

---
 keepalived/check/check_misc.c | 8 ++++++++
 keepalived/vrrp/vrrp.c        | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/keepalived/check/check_misc.c b/keepalived/check/check_misc.c
index 8c6f3376..92d91597 100644
--- a/keepalived/check/check_misc.c
+++ b/keepalived/check/check_misc.c
@@ -224,6 +224,14 @@ check_misc_script_security(void)
 			continue;
 
 		misc_script = CHECKER_ARG(checker);
+
+		/* If the misc check script starts "</" (possibly with white space between
+		 * the '<' and '/'), it is checking for a file being openable,
+		 * so it won't be executed */
+		if (misc_script->path[0] == '<' &&
+		    misc_script->path[strspn(misc_script->path + 1, " \t") + 1] == '/')
+			return 0;
+
 		script.name = misc_script->path;
 		script.uid = misc_script->uid;
 		script.gid = misc_script->gid;
diff --git a/keepalived/vrrp/vrrp.c b/keepalived/vrrp/vrrp.c
index d0675d91..45582e68 100644
--- a/keepalived/vrrp/vrrp.c
+++ b/keepalived/vrrp/vrrp.c
@@ -160,6 +160,13 @@ check_track_script_secure(tracked_sc_t *script)
 	if (script->scr->insecure)
 		return 0;
 
+	/* If the track script starts "</" (possibly with white space between
+	 * the '<' and '/'), it is checking for a file being openable,
+	 * so it won't be executed */
+	if (script->scr->script[0] == '<' &&
+	    script->scr->script[strspn(script->scr->script + 1, " \t") + 1] == '/')
+		return 0;
+
 	ns.name = script->scr->script;
 	ns.uid = script->scr->uid;
 	ns.gid = script->scr->gid;
-- 
2.17.1