[debsums] 02/03: protect against symlink loop (Closes: #822633) (LP: #1522563)

[dod at debian.org]

This is an automated email from the git hooks/post-receive script.

dod pushed a commit to branch master
in repository debsums.

commit 91b174673f55e3a4c7af61b121703c6568612468
Author: Dominique Dumont <dod at debian.org>
Date:   Wed Oct 26 11:01:16 2016 +0200

    protect against symlink loop (Closes: #822633) (LP: #1522563)
    
    debsums should not hang even if handling bogus package
---
 debsums | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/debsums b/debsums
index a1f1d40..25eac9c 100755
--- a/debsums
+++ b/debsums
@@ -425,8 +425,10 @@ sub is_localepurge_file {
 # resolve symlinks without escaping $root
 sub resolve_path {
     my $path = shift;
+    my $package = shift;
     my @tokens = split(/\//, $path);
     my @parts = ();
+    my %seen;
     while (@tokens) {
         my $token = shift @tokens;
         next if $token eq '.' || $token eq '';
@@ -435,6 +437,12 @@ sub resolve_path {
             next;
         }
         my $fp = $root . '/' . join('/', @parts) . '/' . $token;
+        if ($seen{$fp}) {
+            warn "$self: Error: symlink loop detected in path '$path'. ",
+                "Please file a bug again $package.\n";
+            return $path; # give up
+        }
+        $seen{$fp} = 1;
         if (-l $fp) {
             my $link = readlink($fp);
             @parts = () if $link =~ /^\//;
@@ -457,7 +465,7 @@ sub resolve_path {
         $path = $diversion{$path}[0] if exists $diversion{$path}
             and $diversion{$path}[1] ne $pack;
 
-        my $resolved = resolve_path($path);
+        my $resolved = resolve_path($path,$pack);
         if ((!sysopen F, "$root/$resolved", O_RDONLY|O_NONBLOCK|$my_noatime) &&
             (!sysopen F, "$root/$resolved", O_RDONLY|O_NONBLOCK))
         {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/debsums.git