Re: New patchfs script

Adam Byrtek 'alpha' wrote:
On Wed, Dec 11, 2002 at 04:42:35PM +0200, Andrew V. Samoilov wrote:

I applied little patch for your patchfs to quote metacharacters in


. . .
 >>-    copyout ($ARGV[2], $ARGV[3]);
 >>+    copyout ($ARGV[2], quotemeta ($ARGV[3]));
 > The second chunk is invalid.
 > $ARGV[3] is used only for 'open', and it doesn't need quoting:
 > bash-2.05b$ perl -we 'open TMP, ">". quotemeta("Q|Q|\\|Q"); print TMP
 > "xxx\n"; close TMP'
 > bash-2.05b$ ls Q*
 > Q\|Q\|\\\|Q

Yes, it was initial version of patch, CVS is ok.  Thanks for a catch.

Also I want to eliminate temporary file in copyout()

It's necessary with this algorithm - you can't do 'seek' on a pipe.

Well, comment section can be stored in the array, so seek will be

The temporary file is created in a safe way, so this should not be a
security issue. BTW I guess we can create the file before doing '>' to
avoid symlink attack (quite improbable, tmp file name is random).

It is not security issue but resource.  Kernel patches can be 20 Mb

and teach patchfs to understand context diffs (diff -c).
Another good change should be to use +++ filename for newly created
files (--- /dev/null).

It would be nice. Should I try to work on this issues or do you want
to do this yourself?

You are author, so you are preffered.

Andrew V. Samoilov

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]