debd.in.diff (escaping system/open calls)
- From: Leonard den Ottolander <leonard den ottolander nl>
- To: MC Devel <mc-devel gnome org>
- Subject: debd.in.diff (escaping system/open calls)
- Date: Fri, 20 Aug 2004 18:42:04 +0200
Hi,
OK, I have checked debd.in for missing escapes in calls to system and in
opens that spawn a shell. See the attached debd.in.diff.
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
--- debd.in.000 2002-12-12 17:15:30.000000000 +0100
+++ debd.in 2004-08-20 18:38:51.000000000 +0200
@@ -102,8 +102,10 @@ sub ls {
sub list
{
my($archive)= _;
+ my $qarchive = $archive;
+ $qarchive =~ s/([^\w\/.+-])/\\$1/g;
chop($date=`LC_ALL=C date "+%b %d %Y %H:%M"`);
- chop($info_size=`dpkg -s $archive | wc -c`);
+ chop($info_size=`dpkg -s $qarchive | wc -c`);
$repack_size=length($pressrepack);
$reinstall_size=length($pressreinstall);
$remove_size=length($pressremove);
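Review bot: The quoting substitution `s/([^\w\/.+-])/\\$1/g` is written out here and five more times in copyout and run, which makes it easy for one call site to drift or be missed; a small helper such as `sub quote { my $s = shift; $s =~ s/([^\w\/.+-])/\\$1/g; return $s; }` would keep the rule in one place. Two caveats belong in a comment on that helper: a backslash in front of a newline is a shell line continuation, so a newline in the name is dropped rather than preserved, and a name that starts with `-` is left unchanged and still reaches dpkg looking like an option. The body of list continues outside this hunk.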
@@ -118,7 +120,7 @@ sub list
print "-r--r--r-- 1 root root $info_size $date INFO\n";
print "-r-xr--r-- 1 root root $purge_size $date DPKG-PURGE\n";
- chop($status = `dpkg -s $archive | grep ^Status`);
+ chop($status = `dpkg -s $qarchive | grep ^Status`);
if( $status =~ /deinstall/ ) {
print "-r-xr--r-- 1 root root $select_size $date DPKG-SELECT\n";
} elsif( $status =~ /install/ ) {
@@ -141,7 +143,7 @@ sub list
- if ( open(PIPEIN, "LANG=C ls -l /var/lib/dpkg/info/$archive.* |") ) {
+ if ( open(PIPEIN, "LANG=C ls -l /var/lib/dpkg/info/$qarchive.* |") ) {
while(<PIPEIN>) {
chop;
next if /\.list$/;
@@ -163,35 +165,41 @@ sub list
sub copyout
{
my($archive,$filename,$destfile)= _;
+ my $qarchive = $archive;
+ $qarchive =~ s/([^\w\/.+-])/\\$1/g;
+ my $qfilename = $filename;
+ $qfilename =~ s/([^\w\/.+-])/\\$1/g;
+ my $qdestfile = $destfile;
+ $qdestfile =~ s/([^\w\/.+-])/\\$1/g;
if($filename eq "INFO") {
- system("dpkg -s $archive > $destfile");
+ system("dpkg -s $qarchive > $qdestfile");
} elsif($filename eq "DPKG-REPACK") {
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $pressrepack;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename =~ /^DEBIAN/) {
$filename=~s!^DEBIAN/!!;
- system("cat /var/lib/dpkg/info/$archive.$filename > $destfile");
+ system("cat /var/lib/dpkg/info/$qarchive.$qfilename > $qdestfile");
} elsif($filename eq "DPKG-REMOVE" || $filename eq "APT-REMOVE") {
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $pressremove;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename eq "DPKG-PURGE" || $filename eq "APT-PURGE") {
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $presspurge;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename eq "DPKG-RECONFIGURE") {
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $pressreconfigure;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} elsif($filename eq "APT-REINSTALL") {
if ( open(FILEOUT,">$destfile") ) {
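Review bot: `$qfilename` is computed at the top of copyout, before the DEBIAN branch strips the prefix with `$filename=~s!^DEBIAN/!!;`, so the new `cat /var/lib/dpkg/info/$qarchive.$qfilename` still carries `DEBIAN/` in the path and would no longer find the control file. The quoted copy should be taken after the strip, for example `($qfilename = $filename) =~ s/([^\w\/.+-])/\\$1/g;` directly after the `s!^DEBIAN/!!` line. The same ordering problem appears in run, in both the DEBIAN and the CONTENTS branch. Separately, the two-argument `open(FILEOUT,">$destfile")` calls are untouched; they do not spawn a shell, but `open(FILEOUT, ">", $destfile)` would stop perl from interpreting characters in the name. copyout continues past the end of this hunk.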
@@ -209,41 +217,45 @@ sub copyout
if ( open(FILEOUT,">$destfile") ) {
print FILEOUT $pressunselect;
close FILEOUT;
- system("chmod a+x $destfile");
+ system("chmod a+x $qdestfile");
}
} else {
$filename=~s!^CONTENTS!!;
- system("cat $filename > $destfile");
+ system("cat $filename > $qdestfile");
}
}
sub run
{
my($archive,$filename)= _;
+ my $qarchive = $archive;
+ $qarchive =~ s/([^\w\/.+-])/\\$1/g;
+ my $qfilename = $filename;
+ $qfilename =~ s/([^\w\/.+-])/\\$1/g;
if($filename eq "DPKG-REMOVE") {
- system("dpkg --remove $archive");
+ system("dpkg --remove $qarchive");
} elsif($filename eq "APT-REMOVE") {
- system("apt-get remove $archive");
+ system("apt-get remove $qarchive");
} elsif($filename eq "DPKG-PURGE") {
- system("dpkg --purge $archive");
+ system("dpkg --purge $qarchive");
} elsif($filename eq "APT-PURGE") {
- system("apt-get --purge remove $archive");
+ system("apt-get --purge remove $qarchive");
} elsif($filename eq "DPKG-REPACK") {
- system("dpkg-repack $archive");
+ system("dpkg-repack $qarchive");
} elsif($filename eq "DPKG-SELECT") {
- system("echo $archive install | dpkg --set-selections");
+ system("echo $aqrchive install | dpkg --set-selections");
} elsif($filename eq "DPKG-UNSELECT") {
- system("echo $archive deinstall | dpkg --set-selections");
+ system("echo $qarchive deinstall | dpkg --set-selections");
} elsif($filename eq "APT-REINSTALL") {
- system("apt-get -u --reinstall install $archive");
+ system("apt-get -u --reinstall install $qarchive");
} elsif($filename eq "DPKG-RECONFIGURE") {
- system("dpkg-reconfigure $archive");
+ system("dpkg-reconfigure $qarchive");
} elsif($filename=~/^DEBIAN/) {
$filename=~s!^DEBIAN!!;
- system("/var/lib/dpkg/info/$archive.$filename");
+ system("/var/lib/dpkg/info/$qarchive.$qfilename");
} else {
$filename=~s!^CONTENTS!!;
- system($filename);
+ system($qfilename);
}
}
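Review bot: The DPKG-SELECT line in run uses `$aqrchive`, which is never defined, so the command runs with an empty package name; it should read `system("echo $qarchive install | dpkg --set-selections");`. In the last branch of copyout at the top of this hunk, `cat $filename > $qdestfile` still interpolates the unquoted name, so the one path taken from the package contents is the one left unescaped. That branch should use a quoted copy made after the `s!^CONTENTS!!` strip.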