Completely revamped the system for calling external programs and scripts:

* All external programs and scripts are now called by execve() on unix and
  CreateProcess on Windows.

* The system() function is no longer used.

* Argument lists for external programs and scripts are now built by the new
  argv_printf function which natively outputs to string arrays (i.e.
  char *argv[] lists), never truncates its output, and eliminates the security
  issues inherent in formatting and parsing command lines, and dealing with
  argument quoting.

* The --script-security directive has been added to offer policy controls on
  OpenVPN's execution of external programs and scripts.

Also added a new plugin example (openvpn/plugin/examples/log.c) that logs
information to stdout for every plugin method called by OpenVPN.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 5 insertions, 2 deletions

diff --git a/init.c b/init.c
index ebdc9f3..6f762c9 100644
--- a/init.c
+++ b/init.c
@@ -370,7 +370,7 @@ init_port_share (struct context *c)
 bool
 init_static (void)
 {
-  configure_path ();
+  /* configure_path (); */
 
 #if defined(USE_CRYPTO) && defined(DMALLOC)
   openssl_dmalloc_init ();
@@ -921,8 +921,11 @@ do_route (const struct options *options,
 
   if (options->route_script)
     {
+      struct argv argv = argv_new ();
       setenv_str (es, "script_type", "route-up");
-      system_check (options->route_script, es, S_SCRIPT, "Route script failed");
+      argv_printf (&argv, "%s", options->route_script);
+      openvpn_execve_check (&argv, es, S_SCRIPT, "Route script failed");
+      argv_reset (&argv);
     }
 
 #ifdef WIN32