[debsums] 179/184: Fix accessing files in the host filesystem while checking an alt. --root + following abs. links

Mon Mar 2 21:21:30 UTC 2015

This is an automated email from the git hooks/post-receive script.

abe pushed a commit to branch master
in repository debsums.

commit a01dbf49d7ccfc8d518b5218b0dee51eb5aa3ecc
Author: Andreas Beckmann <anbe at debian.org>
Date:   Sat Feb 7 00:54:52 2015 +0100

    Fix accessing files in the host filesystem while checking an alt. --root + following abs. links
    
    Closes: #689202
    
    Manually resolve symlinks without escaping the --root directory and
    open the resolved path instead of the original one.
---
 debian/changelog |  7 +++++++
 debsums          | 29 +++++++++++++++++++++++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index f314776..4abb7b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 debsums (2.1~dev) UNRELEASED; urgency=medium
 
+  [ Axel Beckert ]
   * Take package under maintenance of the Debian Perl Group
     + Move Maintainer to Uploaders
     + Set Maintainer to the Debian Perl Group
@@ -25,6 +26,12 @@ debsums (2.1~dev) UNRELEASED; urgency=medium
     + Exit with highest exit code of any of its child debsums processes
       exited. (Closes: #711560)
 
+  [ Andreas Beckmann ]
+  * Fix accessing files in the host root filesystem (/) while checking an
+    alternate --root and following absolute symlinks.  (Closes: #689202)
+    Manually resolve symlinks without escaping the --root directory and open
+    the resolved path instead of the original one.
+
  -- Axel Beckert <abe at debian.org>  Fri, 06 Feb 2015 23:50:20 +0100
 
 debsums (2.0.52+nmu3) unstable; urgency=medium
diff --git a/debsums b/debsums
index 8dec26c..8509e0c 100755
--- a/debsums
+++ b/debsums
@@ -381,6 +381,30 @@ sub is_localepurge_file {
     return length($locale) && !$locales{$locale};
 }
 
+# resolve symlinks without escaping $root
+sub resolve_path {
+    my $path = shift;
+    my @tokens = split(/\//, $path);
+    my @parts = ();
+    while (@tokens) {
+	my $token = shift @tokens;
+	next if $token eq '.' || $token eq '';
+	if ($token eq '..') {
+		pop @parts;
+		next;
+	}
+	my $fp = $root . '/' . join('/', @parts) . '/' . $token;
+	if (-l $fp) {
+	    my $link = readlink($fp);
+	    @parts = () if $link =~ /^\//;
+	    unshift @tokens, split(/\//, $link);
+	} else {
+	    push @parts, $token;
+	}
+    }
+    return join('/', @parts);
+}
+
 {
     my $width = ($ENV{COLUMNS} || 80) - 3;
     $width = 6 if $width < 6;
@@ -392,8 +416,9 @@ sub is_localepurge_file {
 	$path = $diversion{$path}[0] if exists $diversion{$path}
 	    and $diversion{$path}[1] ne $pack;
 
-	if ((!sysopen F, "$root/$path", O_RDONLY|O_NONBLOCK|$my_noatime) &&
-           (!sysopen F, "$root/$path", O_RDONLY|O_NONBLOCK))
+	my $resolved = resolve_path($path);
+	if ((!sysopen F, "$root/$resolved", O_RDONLY|O_NONBLOCK|$my_noatime) &&
+           (!sysopen F, "$root/$resolved", O_RDONLY|O_NONBLOCK))
 	{
 	    return 0 if $localepurge
                 and is_localepurge_file($path);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/debsums.git

