[devscripts] 06/09: uscan: Avoid using an untrusted directory name in the shell

James McCoy jamessan at debian.org
Mon Dec 23 20:46:20 UTC 2013


This is an automated email from the git hooks/post-receive script.

jamessan pushed a commit to branch master
in repository devscripts.

commit b815aa438f018b5afc566eb403b0319a99a32995
Author: James McCoy <jamessan at debian.org>
Date:   Wed Dec 18 22:32:23 2013 -0500

    uscan: Avoid using an untrusted directory name in the shell
    
    Signed-off-by: James McCoy <jamessan at debian.org>
---
 scripts/uscan.pl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/uscan.pl b/scripts/uscan.pl
index a8cc7ad..de6cfc1 100755
--- a/scripts/uscan.pl
+++ b/scripts/uscan.pl
@@ -1536,7 +1536,9 @@ EOF
 	    unless ( -d $main_source_dir ) {
 		print STDERR "Error: $main_source_dir is no directory";
 	    }
-	    my $nfiles_before = `find $main_source_dir | wc -l`;
+	    my $file_list;
+	    spawn(exec => ['find', $main_source_dir], wait_child => 1, to_string => \$file_list);
+	    my $nfiles_before = split /\n/, $file_list;
 	    foreach (grep {/\//} split /\s+/, $data->{"files-excluded"}) {
 		# delete trailing '/' because otherwise find -path will fail
 		s?/+$??;
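Review bot: Passing `$main_source_dir` as a list element keeps it away from the shell, but `find` itself still parses a starting point that begins with `-` as an option or expression, and nothing in this hunk establishes that the value is absolute or `./`-prefixed. The variable is built outside the hunk, so this may already hold; if it does not, normalise it once before the first `spawn`, for example `$main_source_dir = "./$main_source_dir" unless $main_source_dir =~ m{^/};`. The same operand is reused by the second `spawn` in the next hunk and by the `system('find', ...)` call there. Separately, the `-d` test at the top of this hunk only prints a message and falls through, so `find` still runs on a path already known not to be a directory. The enclosing block starts above the hunk and the `foreach` body continues past its end.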
@@ -1546,7 +1548,9 @@ EOF
 	    foreach (grep {/^[^\/]+$/} split /\s+/, $data->{"files-excluded"}) {
 		system('find', $main_source_dir, '-type', 'f', '-name', $_, '-delete');
 	    }
-	    my $nfiles_after = `find $main_source_dir | wc -l`;
+	    undef $file_list;
+	    spawn(exec => ['find', $main_source_dir], wait_child => 1, to_string => \$file_list);
+	    my $nfiles_after = split /\n/, $file_list;
 	    if ( $nfiles_before == $nfiles_after ) {
 		print "-- Source tree remains identical - no need for repacking.\n" if $verbose;
 	    } else {
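Review bot: Equal counts are the only evidence behind "no need for repacking", yet the exit status of `system('find', ..., '-delete')` is discarded, so a deletion that fails leaves the counts equal and the `files-excluded` entries in the tree. Check the status where the deletion happens, for example `system('find', $main_source_dir, '-type', 'f', '-name', $_, '-delete') == 0 or die "find failed for $_: $?\n";`. Counting with `split /\n/` in scalar context (here and for `$nfiles_before` in the previous hunk) also counts a name containing a newline twice and, on Perl older than 5.12, splits into `@_`; adding `'-print0'` to the `find` arguments and using `my $nfiles_after = ($file_list =~ tr/\0//);` avoids both. The `if`/`else` continues past the end of the hunk, so what the repacking branch does is not visible here.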

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git


