[arch-projects] [devtools] [PATCH 2/2] avoid injecting code into the format string

Dave Reisner d at falconindy.com
Tue Jul 30 15:05:20 EDT 2013


On Tue, Jul 30, 2013 at 02:51:30PM -0400, Eric Bélanger wrote:
> On Tue, Jul 30, 2013 at 11:00 AM, Dave Reisner <dreisner at archlinux.org> wrote:
> 
>     Now that die() properly forwards arguments to error(), we can expect
>     that the first arg is a format string and not the entirety of the
>     output.
> 
>     Signed-off-by: Dave Reisner <dreisner at archlinux.org>
>     ---
>      arch-nspawn.in   |  4 ++--
>      archco.in        |  2 +-
>      archrelease.in   |  6 +++---
>      checkpkg.in      |  4 ++--
>      commitpkg.in     | 10 +++++-----
>      crossrepomove.in |  2 +-
>      find-libdeps.in  |  2 +-
>      makechrootpkg.in | 14 +++++++-------
>      mkarchroot.in    |  4 ++--
>      9 files changed, 24 insertions(+), 24 deletions(-)
> 
>     diff --git a/arch-nspawn.in b/arch-nspawn.in
>     index 8ef39ed..f52afe9 100644
>     --- a/arch-nspawn.in
>     +++ b/arch-nspawn.in
>     @@ -88,9 +88,9 @@ umask 0022
> 
>      # Sanity check
>      if [[ ! -f "$working_dir/.arch-chroot" ]]; then
>     -       die "'$working_dir' does not appear to be a Arch chroot."
>     +       die "'%s' does not appear to be a Arch chroot." "$working_dir"
>      elif [[ $(cat "$working_dir/.arch-chroot") != $CHROOT_VERSION ]]; then
>     -       die "chroot '$working_dir' is not at version $CHROOT_VERSION.
>     Please rebuild."
>     +       die "chroot '%s' is not at version %s. Please rebuild."
>     "$working_dir" "$CHROOT_VERSION"
>      fi
> 
>      build_mount_args
>     diff --git a/archco.in b/archco.in
>     index 1ee977e..29e4cd6 100644
>     --- a/archco.in
>     +++ b/archco.in
>     @@ -15,7 +15,7 @@ case $scriptname in
>             communityco)
>                     SVNURL="svn+ssh://svn-community@nymeria.archlinux.org/srv/
>     repos/svn-community/svn";;
>             *)
>     -               die "Couldn't find svn url for $scriptname"
>     +               die "Couldn't find svn url for %s" $scriptname"
>                     ;;
> 
> 
> You forgot a quote: $scriptname" -> "$scriptname"
> 
> Eric

huh... guess I'll resend this with another patch, then.

> 
>  
> 
>      esac
> 
>     diff --git a/archrelease.in b/archrelease.in
>     index 2e742c2..6f52dbc 100644
>     --- a/archrelease.in
>     +++ b/archrelease.in
>     @@ -8,8 +8,8 @@ FORCE=
>      while getopts ':f' flag; do
>             case $flag in
>                     f) FORCE=1 ;;
>     -               :) die "Option requires an argument -- '$OPTARG'" ;;
>     -               \?) die "Invalid option -- '$OPTARG'" ;;
>     +               :) die "Option requires an argument -- '%s'" "$OPTARG" ;;
>     +               \?) die "Invalid option -- '%s'" "$OPTARG" ;;
>             esac
>      done
>      shift $(( OPTIND - 1 ))
>     @@ -23,7 +23,7 @@ fi
>      if [[ -z $FORCE ]]; then
>             for tag in "$@"; do
>                     if ! in_array "$tag" "${_tags[@]}"; then
>     -                       die 'archrelease: Invalid tag: "'$tag'" (use -f to
>     force release)'
>     +                       die "archrelease: Invalid tag: '%s' (use -f to
>     force release)" "$tag"
>                     fi
>             done
>      fi
>     diff --git a/checkpkg.in b/checkpkg.in
>     index 95bf049..8e0f574 100644
>     --- a/checkpkg.in
>     +++ b/checkpkg.in
>     @@ -41,13 +41,13 @@ for _pkgname in "${pkgname[@]}"; do
>             pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$_pkgname")
> 
>             if [[ $? -ne 0 ]]; then
>     -               die "Couldn't download previous package for $_pkgname."
>     +               die "Couldn't download previous package for %s."
>     "$_pkgname"
>             fi
> 
>             oldpkg=${pkgurl##*://*/}
> 
>             if [[ ${oldpkg##*/} = ${pkgfile##*/} ]]; then
>     -               die "The built package ($_pkgname) is the one in the repo
>     right now!"
>     +               die "The built package (%s) is the one in the repo right
>     now!" "$_pkgname"
>             fi
> 
>             if [[ ! -f $oldpkg ]]; then
>     diff --git a/commitpkg.in b/commitpkg.in
>     index db78517..ad1005b 100644
>     --- a/commitpkg.in
>     +++ b/commitpkg.in
>     @@ -58,7 +58,7 @@ esac
>      # check if all local source files are under version control
>      for s in "${source[@]}"; do
>             if [[ $s != *://* ]] && ! svn status -v "$s@" | grep -q '^[ AMRX~]
>     '; then
>     -               die "$s is not under version control"
>     +               die "%s is not under version control" "$s"
>             fi
>      done
> 
>     @@ -68,7 +68,7 @@ for i in 'changelog' 'install'; do
>                     # evaluate any bash variables used
>                     eval file=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<<
>     "$file")\"
>                     if ! svn status -v "${file}" | grep -q '^[ AMRX~]'; then
>     -                       die "${file} is not under version control"
>     +                       die "%s is not under version control" "$file"
>                     fi
>             done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
>      done
>     @@ -81,8 +81,8 @@ while getopts ':l:a:s:f' flag; do
>                     s) server=$OPTARG ;;
>                     l) rsyncopts+=("--bwlimit=$OPTARG") ;;
>                     a) commit_arch=$OPTARG ;;
>     -               :) die "Option requires an argument -- '$OPTARG'" ;;
>     -               \?) die "Invalid option -- '$OPTARG'" ;;
>     +               :) die "Option requires an argument -- '%s'" "$OPTARG" ;;
>     +               \?) die "Invalid option -- '%s'" "$OPTARG" ;;
>             esac
>      done
>      shift $(( OPTIND - 1 ))
>     @@ -164,7 +164,7 @@ for _arch in ${arch[@]}; do
>                             gpg --detach-sign --use-agent ${SIGNWITHKEY} "$
>     {pkgfile}" || die
>                     fi
>                     if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
>     -                       die "Signature ${pkgfile}.sig is incorrect!"
>     +                       die "Signature %s.sig is incorrect!" "$pkgfile"
>                     fi
>                     uploads+=("$sigfile")
>             done
>     diff --git a/crossrepomove.in b/crossrepomove.in
>     index 1d4ae6c..912504f 100644
>     --- a/crossrepomove.in
>     +++ b/crossrepomove.in
>     @@ -25,7 +25,7 @@ case $scriptname in
>                     target_repo='extra'
>                     ;;
>             *)
>     -               die "Couldn't find configuration for $scriptname"
>     +               die "Couldn't find configuration for %s" "$scriptname"
>                     ;;
>      esac
> 
>     diff --git a/find-libdeps.in b/find-libdeps.in
>     index 36e2c43..c9b451e 100644
>     --- a/find-libdeps.in
>     +++ b/find-libdeps.in
>     @@ -16,7 +16,7 @@ script_mode=${0##*/find-lib}
> 
>      case $script_mode in
>             deps|provides) true;;
>     -       *) die "Unknown mode $script_mode" ;;
>     +       *) die "Unknown mode %s" "$script_mode" ;;
>      esac
> 
>      if [[ -z $1 ]]; then
>     diff --git a/makechrootpkg.in b/makechrootpkg.in
>     index d7d3ecf..1cd08fb 100644
>     --- a/makechrootpkg.in
>     +++ b/makechrootpkg.in
>     @@ -81,8 +81,8 @@ done
> 
>      # Canonicalize chrootdir, getting rid of trailing /
>      chrootdir=$(readlink -e "$passeddir")
>     -[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path
>     '$passeddir'"
>     -[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try
>     using: mkarchroot $chrootdir/root base-devel"
>     +[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'"
>     "$passeddir"
>     +[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try
>     using: mkarchroot %s/root base-devel" "$chrootdir"
> 
>      # Detect chrootdir filesystem type
>      chroottype=$(stat -f -c %T "$chrootdir")
>     @@ -136,10 +136,10 @@ create_chroot() {
>                     if [[ "$chroottype" == btrfs ]]; then
>                             if [[ -d $copydir ]]; then
>                                     btrfs subvolume delete "$copydir" >/dev/
>     null ||
>     -                                       die "Unable to delete subvolume
>     $copydir"
>     +                                       die "Unable to delete subvolume %s"
>     "$copydir"
>                             fi
>                             btrfs subvolume snapshot "$chrootdir/root"
>     "$copydir" >/dev/null ||
>     -                               die "Unable to create subvolume $copydir"
>     +                               die "Unable to create subvolume %s"
>     "$copydir"
>                     else
>                             mkdir -p "$copydir"
>                             rsync -a --delete -q -W -x "$chrootdir/root/"
>     "$copydir"
>     @@ -155,11 +155,11 @@ clean_temporary() {
>             stat_busy "Removing temporary copy [$copy]"
>             if [[ "$chroottype" == btrfs ]]; then
>                     btrfs subvolume delete "$copydir" >/dev/null ||
>     -                       die "Unable to delete subvolume $copydir"
>     +                       die "Unable to delete subvolume %s" "$copydir"
>             else
>                     # avoid change of filesystem in case of an umount failure
>                     rm --recursive --force --one-file-system "$copydir" ||
>     -                       die "Unable to delete $copydir"
>     +                       die "Unable to delete %s" "$copydir"
>             fi
> 
>             # remove lock file
>     @@ -362,7 +362,7 @@ if (( ret != 0 )); then
>             if $temp_chroot; then
>                     die "Build failed"
>             else
>     -               die "Build failed, check $copydir/build"
>     +               die "Build failed, check %s/build" "$copydir"
>             fi
>      else
>             true
>     diff --git a/mkarchroot.in b/mkarchroot.in
>     index 970bbb9..7cdb274 100644
>     --- a/mkarchroot.in
>     +++ b/mkarchroot.in
>     @@ -51,7 +51,7 @@ fi
> 
>      umask 0022
> 
>     -[[ -e $working_dir ]] && die "Working directory '$working_dir' already
>     exists"
>     +[[ -e $working_dir ]] && die "Working directory '%s' already exists"
>     "$working_dir"
> 
>      mkdir -p "$working_dir"
> 
>     @@ -60,7 +60,7 @@ lock 9 "${working_dir}.lock" "Locking chroot"
>      if [[ $(stat -f -c %T "$working_dir") == btrfs ]]; then
>             rmdir "$working_dir"
>             if ! btrfs subvolume create "$working_dir"; then
>     -               die "Couldn't create subvolume for '$working_dir'"
>     +               die "Couldn't create subvolume for '%s'" "$working_dir"
>             fi
>             chmod 0755 "$working_dir"
>      fi
>     --
>     1.8.3.4
> 
> 
> 


More information about the arch-projects mailing list