Bug#794260: devscripts: licensecheck chokes on files containing space
Jakub Wilk
jwilk at debian.org
Fri Jul 31 19:32:33 UTC 2015
* Jonas Smedegaard <dr at jones.dk>, 2015-07-31, 20:44:
>On line 324 of licensecheck is executed this shell code:
>
> file --brief --mime --dereference $file
>
>That will fail if the input file contains space, and may do horrible
>things with input files containing semicolon.
>
>Fix is simple: Add quotes around the variable, so line 324 looks like
>this:
>
> my $mime = `file --brief --mime --dereference "$file"`;
Note that $file is expanded by Perl, not by shell, so this change is not
sufficient:
| $ touch '"; cowsay moo; #.c'
| $ licensecheck *.c
| /usr/bin/licensecheck warning: cannot parse file '"; cowsay moo; #.c' with mime type 'cannot open `' (No such file or directory)
|  _____
| < moo >
|  -----
|         \   ^__^
|          \  (oo)\_______
|             (__)\       )\/\
|                 ||----w |
|                 ||     ||'
(If the variable were expanded by shell, command injection wouldn't even
be possible. You could still exploit argument injection, but that's less
exciting.)
--
Jakub Wilk
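The three variants of the `file` call discussed in this thread, side by side, as an added example: this is not code from licensecheck or from either poster. It runs the original unquoted interpolation, the proposed double-quoted one, and a shell-free list-form `open` against two constructed file names that each carry an embedded `touch hit`, then reports whether that command ran. It assumes a POSIX /bin/sh and the `file` utility in PATH; the names, the `hit` marker file and the `--` end-of-options argument are this example's own choices.

```perl
#!/usr/bin/perl
# Added example; this is not licensecheck's own code.  It runs the `file`
# call from the thread in three forms against two constructed hostile file
# names and reports whether the command hidden in each name ran.
# Assumes a POSIX /bin/sh and the `file` utility in PATH.
use strict;
use warnings;
use File::Temp qw(tempdir);

my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

# Constructed hostile names.  The first targets the unquoted interpolation
# (the original line 324), the second the double-quoted one (the proposed
# fix).  Each closes the intended argument, runs `touch hit`, and comments
# out whatever follows.
my @names = (
    q{; touch hit; #.c},
    q{"; touch hit; #.c},
);
for my $name (@names) {
    open(my $out, '>', $name) or die "create '$name': $!";
    print {$out} "int main(void) { return 0; }\n";
    close($out);
}

# 1. Original line 324.  Perl interpolates $f into the command string before
#    /bin/sh parses it, so shell metacharacters in the name are shell syntax.
sub mime_unquoted {
    my ($f) = @_;
    return scalar `file --brief --mime --dereference $f`;
}

# 2. The proposed fix.  Still a string handed to /bin/sh; a `"` in the name
#    closes the added quotes, so a `"; cmd; #` name injects exactly as in
#    the cowsay transcript above.
sub mime_quoted {
    my ($f) = @_;
    return scalar `file --brief --mime --dereference "$f"`;
}

# 3. No shell.  The list form of open('-|') execs `file` directly with $f as
#    one argv element, so nothing in the name is parsed as syntax.  `--` ends
#    option parsing so a name beginning with `-` cannot be read as an option
#    (the argument-injection case).
sub mime_no_shell {
    my ($f) = @_;
    open(my $fh, '-|', 'file', '--brief', '--mime', '--dereference', '--', $f)
        or die "cannot run file: $!";
    my $mime = <$fh>;
    close($fh);
    return defined $mime ? $mime : '';
}

# Errors from /bin/sh and from `file` go to stderr and are left visible;
# the verdict column is what matters.
my @variants = (
    [unquoted => \&mime_unquoted],
    [quoted   => \&mime_quoted],
    [no_shell => \&mime_no_shell],
);
for my $name (@names) {
    for my $v (@variants) {
        my ($label, $sub) = @$v;
        unlink 'hit';
        my $mime = $sub->($name);
        $mime = '' unless defined $mime;
        $mime =~ s/\s+\z//;
        my $verdict = -e 'hit' ? 'COMMAND RAN' : 'ok';
        printf "%-8s %-12s %-22s => %s\n", $label, $verdict, "'$name'", $mime;
    }
}
```

Only the shell-free variant reports `ok` for both names and returns the real MIME type of the file; the unquoted form is hit by the first name and the quoted form by the second. Note that even the list form still needs `--`, because `file` parses options from argv and a name such as `-v.c` would otherwise be taken as one.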
More information about the devscripts-devel mailing list