From ae8a2d515df8f3638d03b3dbf7f412bca3f17c3f Mon Sep 17 00:00:00 2001
From: Philip Prindeville <philipp@redfish-solutions.com>
Date: Fri, 8 Aug 2025 21:48:06 -0600
Subject: [PATCH] isc-dhcpd: quote filenames for safety

Per best practices, we should protect against wildcards in
variable expansions.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
---
 net/isc-dhcp/files/dhcpd.init | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/isc-dhcp/files/dhcpd.init b/net/isc-dhcp/files/dhcpd.init
index 7f32e41f4c..66b7606175 100755
--- a/net/isc-dhcp/files/dhcpd.init
+++ b/net/isc-dhcp/files/dhcpd.init
@@ -638,7 +638,7 @@ start_service() {
 	else
 		. /lib/functions/network.sh
 
-		local dyn_file=$(mktemp -u /tmp/dhcpd.XXXXXX)
+		local dyn_file="$(mktemp -u /tmp/dhcpd.XXXXXX)"
 
 		config_load dhcp
 
@@ -653,7 +653,7 @@ start_service() {
 		general_config > $config_file
 
 		if [ $dynamicdns -eq 1 ]; then
-			cat <<EOF > $dyn_file
+			cat <<EOF > "$dyn_file"
 ; Generated by /etc/init.d/dhcpd at $(date)
 
 ttl $TTL
@@ -681,11 +681,11 @@ EOF
 
 			no_ipv6 && args="-4"
 
-			nsupdate -l -v $args $dyn_file
+			nsupdate -l -v $args "$dyn_file"
 
 		fi
 
-		rm -f $dyn_file
+		rm -f "$dyn_file"
 
 		[ -z "$dhcp_ifs" ] && return 0
 	fi
-- 
2.30.2