[debsums] 02/03: protect against symlink loop (Closes: #822633) (LP: #1522563)
dod at debian.org
dod at debian.org
Wed Oct 26 09:06:38 UTC 2016
This is an automated email from the git hooks/post-receive script.
dod pushed a commit to branch master
in repository debsums.
commit 91b174673f55e3a4c7af61b121703c6568612468
Author: Dominique Dumont <dod at debian.org>
Date: Wed Oct 26 11:01:16 2016 +0200
protect against symlink loop (Closes: #822633) (LP: #1522563)
debsums should not hang even if handling bogus package
---
debsums | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/debsums b/debsums
index a1f1d40..25eac9c 100755
--- a/debsums
+++ b/debsums
@@ -425,8 +425,10 @@ sub is_localepurge_file {
# resolve symlinks without escaping $root
sub resolve_path {
my $path = shift;
+ my $package = shift;
my @tokens = split(/\//, $path);
my @parts = ();
+ my %seen;
while (@tokens) {
my $token = shift @tokens;
next if $token eq '.' || $token eq '';
@@ -435,6 +437,12 @@ sub resolve_path {
next;
}
my $fp = $root . '/' . join('/', @parts) . '/' . $token;
+ if ($seen{$fp}) {
+ warn "$self: Error: symlink loop detected in path '$path'. ",
+ "Please file a bug again $package.\n";
+ return $path; # give up
+ }
+ $seen{$fp} = 1;
if (-l $fp) {
my $link = readlink($fp);
@parts = () if $link =~ /^\//;
@@ -457,7 +465,7 @@ sub resolve_path {
$path = $diversion{$path}[0] if exists $diversion{$path}
and $diversion{$path}[1] ne $pack;
- my $resolved = resolve_path($path);
+ my $resolved = resolve_path($path,$pack);
if ((!sysopen F, "$root/$resolved", O_RDONLY|O_NONBLOCK|$my_noatime) &&
(!sysopen F, "$root/$resolved", O_RDONLY|O_NONBLOCK))
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/debsums.git
More information about the Pkg-perl-cvs-commits
mailing list