[debhelper-devel] [debhelper] 01/01: dh_strip: Avoid potential unsafe stat(_) call

Niels Thykier nthykier at moszumanska.debian.org
Sat Oct 14 14:56:55 UTC 2017 

This is an automated email from the git hooks/post-receive script.

nthykier pushed a commit to branch master
in repository debhelper.

commit 7bc33f1b48e51d109fd1ef1628afa5f741bb88da
Author: Niels Thykier <niels at thykier.net>
Date:   Sat Oct 14 14:55:04 2017 +0000

    dh_strip: Avoid potential unsafe stat(_) call
    
    In practise, compat would never issue a stat call itself, but in the
    future, we may remove the compat call that happens before this code
    path is run.
    
    Signed-off-by: Niels Thykier <niels at thykier.net>
---
 dh_strip | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/dh_strip b/dh_strip
index edda179..c22e4db 100755
--- a/dh_strip
+++ b/dh_strip
@@ -191,6 +191,12 @@ sub testfile {
 	# Is it a debug library in a debug subdir?
 	return if $fn=~m/debug\/.*\.so/;
 
+	# Exploit the previous stat call to get the $mode, so we can check
+	# later if it is executable or not.
+	#
+	# NB: compat() can issue a stat, so we /should/ do this now
+	my (undef, undef, $mode, undef) = stat(_);
+
 	if (compat(10)) {
 		# In compat 10 and earlier, we used filenames and file(1)
 
@@ -206,8 +212,7 @@ sub testfile {
 			}
 		}
 
-		# Is it executable? -x isn't good enough, so we need to use stat.
-		my (undef, undef, $mode, undef) = stat(_);
+		# -x is not good enough for this test
 		if ($mode & 0111) {
 			# Ok, expensive test.
 			my $type = get_file_type($fn, 1);
@@ -220,10 +225,8 @@ sub testfile {
 		# In compat 11, we check the ELF header manually (because bulking file(1) is a pain and
 		# it is too slow otherwise)
 
-		# Exploit the previous stat call, so we can check if it is executable or not (-x is not good enough
-		# for this test)
-		my (undef, undef, $mode, undef) = stat(_);
 		if (is_so_or_exec_elf_file($fn)) {
+			# -x is not good enough for this test
 			if ($mode & 0111) {
 				push(@executables, $fn);
 			} else {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debhelper/debhelper.git

More information about the debhelper-devel mailing list