rc.d/jail: avoid misinterpreting expr arguments

(Due to some misconfiguration) I ended up with _mask set to "-v<something>", and /etc/rc.d/jail then failed with "expr: illegal option -- v". Use "expr --" so that variable content is never interpreted as an option. Reviewed by: jamie Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D14535
2018-02-28 17:20:10 +00:00 · 2018-02-28 17:20:10 +00:00 · da95763b3b
commit da95763b3b
parent 14e084ada5
1 changed files with 3 additions and 3 deletions
--- a/etc/rc.d/jail
+++ b/etc/rc.d/jail
@ -316,7 +316,7 @@ jail_extract_address()

 	# Extract the prefix/netmask/prefixlen part by cutting off the address.
 	_mask=${_r}
-	_mask=`expr "${_mask}" : "${_addr}\(.*\)"`
+	_mask=`expr -- "${_mask}" : "${_addr}\(.*\)"`

 	# Identify type {inet,inet6}.
 	case "${_addr}" in
@ -366,8 +366,8 @@ jail_handle_ips_option()
 	while [ ${#_x} -gt 0 ]; do
 		case "${_x}" in
 		*,*)	# Extract the first argument and strip it off the list.
-			_i=`expr "${_x}" : '^\([^,]*\)'`
-			_x=`expr "${_x}" : "^[^,]*,\(.*\)"`
+			_i=`expr -- "${_x}" : '^\([^,]*\)'`
+			_x=`expr -- "${_x}" : "^[^,]*,\(.*\)"`
 		;;
 		*)	_i=${_x}
 			_x=""