[build-path-prefix-map-spec] 26/50: Don't allow unsupported %-sequences

Ximin Luo infinity0 at debian.org
Fri Mar 10 15:17:20 UTC 2017 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository build-path-prefix-map-spec.

commit 8bb20184d106732a64c005546d1d08ca36e7c011
Author: Ximin Luo <infinity0 at debian.org>
Date:   Mon Feb 13 15:57:47 2017 +0100

    Don't allow unsupported %-sequences
---
 consume/pecsplit.c                                     |  3 +++
 consume/pecsplit.js                                    |  3 ++-
 consume/pecsplit.py                                    |  2 ++
 consume/pecsplit.rs                                    | 18 ++++++++++++------
 consume/testcases/pecsplit.0.long-pc.env               |  1 -
 consume/testcases/pecsplit.0.long-pc.in                |  4 ----
 consume/testcases/pecsplit.0.long-pc.out               |  4 ----
 consume/testcases/pecsplit.0.non-utf8.env              |  2 +-
 consume/testcases/pecsplit.0.plain-pc.in               |  3 ---
 consume/testcases/pecsplit.0.plain-pc.out              |  3 ---
 consume/testcases/pecsplit.0.short-pc.in               |  4 ----
 consume/testcases/pecsplit.0.short-pc.out              |  4 ----
 consume/testcases/pecsplit.1.long-pc.env               |  1 +
 ...pecsplit.0.allbytes-ok.in => pecsplit.1.long-pc.in} |  0
 ...plit.1.many-=-not-ok.out => pecsplit.1.long-pc.out} |  0
 ...pecsplit.0.plain-pc.env => pecsplit.1.plain-pc.env} |  0
 ...ecsplit.0.allbytes-ok.in => pecsplit.1.plain-pc.in} |  0
 ...lit.1.many-=-not-ok.out => pecsplit.1.plain-pc.out} |  0
 ...pecsplit.0.short-pc.env => pecsplit.1.short-pc.env} |  0
 ...ecsplit.0.allbytes-ok.in => pecsplit.1.short-pc.in} |  0
 ...lit.1.many-=-not-ok.out => pecsplit.1.short-pc.out} |  0
 21 files changed, 21 insertions(+), 31 deletions(-)

diff --git a/consume/pecsplit.c b/consume/pecsplit.c
index 73fbf91..bc4d955 100644
--- a/consume/pecsplit.c
+++ b/consume/pecsplit.c
@@ -23,6 +23,9 @@ unquote (char *src)
 	  unquoted:
 	  case 'p':
 	    ++src;
+	    break;
+	  default:
+	    return 0; // invalid
 	  }
       }
   return 1;
diff --git a/consume/pecsplit.js b/consume/pecsplit.js
index 68cf460..d22f22a 100755
--- a/consume/pecsplit.js
+++ b/consume/pecsplit.js
@@ -1,13 +1,14 @@
 #!/usr/bin/nodejs
 
 var unquote = function(x) {
+    if (x.search(/%[^pec]|%$/) >= 0) throw "invalid value: bad escape: " + x;
     return x.replace(/%c/g, ':').replace(/%e/g, '=').replace(/%p/g, '%');
 };
 
 var parse_prefix_map = function(x) {
     return (x || "").split(/:/g).filter(Boolean).map(function(part) {
         var tuples = part.split(/=/g).map(unquote);
-        if (tuples.length !== 2) throw "invalid value: " + x;
+        if (tuples.length !== 2) throw "invalid value: not a pair: " + pair;
         return tuples;
     });
 };
diff --git a/consume/pecsplit.py b/consume/pecsplit.py
index fdf6a1d..b04a79d 100755
--- a/consume/pecsplit.py
+++ b/consume/pecsplit.py
@@ -1,11 +1,13 @@
 #!/usr/bin/python3
 
+import re
 import os
 import sys
 
 # Parsing the variable
 
 def _dequote(part):
+    if re.search(r"%[^pec]|%$", part): raise ValueError("bad escape: %s" % part)
     return part.replace("%c", ':').replace("%e", '=').replace("%p", '%');
 
 def decode(prefix_str):
diff --git a/consume/pecsplit.rs b/consume/pecsplit.rs
index 0c57390..82da677 100644
--- a/consume/pecsplit.rs
+++ b/consume/pecsplit.rs
@@ -9,7 +9,9 @@ fn pathbuf_to_u8(path: &PathBuf) -> &[u8] {
 }
 
 /* the polymorphism is to handle u8 (POSIX) and u16 (windows) */
-fn dequote<T>(s: &[T]) -> Vec<T> where u16: From<T>, T: From<u8>, T: Copy {
+fn dequote<T>(s: &[T]) -> Result<Vec<T>, &'static str> where u16: From<T>, T: From<u8>, T: Copy {
+  // unfortunately we can't do sting-replace on arbitrary Vecs
+  // s.replace("%c", ':').replace("%e", '=').replace("%p", '%')
   let mut v = Vec::with_capacity(s.len());
   let mut escaped = false;
   for c in s {
@@ -23,14 +25,18 @@ fn dequote<T>(s: &[T]) -> Vec<T> where u16: From<T>, T: From<u8>, T: Copy {
           0x70 /* p */ => { v.pop(); v.pop(); v.push(T::from(b'%')) },
           0x65 /* e */ => { v.pop(); v.pop(); v.push(T::from(b'=')) },
           0x63 /* c */ => { v.pop(); v.pop(); v.push(T::from(b':')) },
-          _ => (),
+          _ => break // to the "Err" clause
         }
       }
     }
     escaped = c16 == 0x25
   }
-  v.shrink_to_fit();
-  v
+  if escaped {
+    Err("invalid %-escape sequence")
+  } else {
+    v.shrink_to_fit();
+    Ok(v)
+  }
 }
 
 fn decode(prefix_str: Option<OsString>) -> Result<Vec<(PathBuf, PathBuf)>, &'static str> {
@@ -46,8 +52,8 @@ fn decode(prefix_str: Option<OsString>) -> Result<Vec<(PathBuf, PathBuf)>, &'sta
         Err("either too few or too many '='")
       } else {
         // TODO: windows
-        let src = OsString::from_vec(dequote(tuple[0]));
-        let dst = OsString::from_vec(dequote(tuple[1]));
+        let src = OsString::from_vec(try!(dequote(tuple[0])));
+        let dst = OsString::from_vec(try!(dequote(tuple[1])));
         Ok((PathBuf::from(src), PathBuf::from(dst)))
       }
     })
diff --git a/consume/testcases/pecsplit.0.long-pc.env b/consume/testcases/pecsplit.0.long-pc.env
deleted file mode 100644
index ee395af..0000000
--- a/consume/testcases/pecsplit.0.long-pc.env
+++ /dev/null
@@ -1 +0,0 @@
-/a/b%eyyy=ERROR:/a=lol%p%:/b%p=foo%%%%p+%:/a/b%eyyy=secreteh
diff --git a/consume/testcases/pecsplit.0.long-pc.in b/consume/testcases/pecsplit.0.long-pc.in
deleted file mode 100644
index d8d7867..0000000
--- a/consume/testcases/pecsplit.0.long-pc.in
+++ /dev/null
@@ -1,4 +0,0 @@
-/a/d
-/b/1234
-/b%/1234
-/a/b=yyy/xxx
diff --git a/consume/testcases/pecsplit.0.long-pc.out b/consume/testcases/pecsplit.0.long-pc.out
deleted file mode 100644
index cd847e5..0000000
--- a/consume/testcases/pecsplit.0.long-pc.out
+++ /dev/null
@@ -1,4 +0,0 @@
-lol%%/d
-/b/1234
-foo%%%%+%/1234
-secreteh/xxx
diff --git a/consume/testcases/pecsplit.0.non-utf8.env b/consume/testcases/pecsplit.0.non-utf8.env
index bdfa2a4..5215f13 100644
--- a/consume/testcases/pecsplit.0.non-utf8.env
+++ b/consume/testcases/pecsplit.0.non-utf8.env
@@ -1 +1 @@
-/a/b%eyyy=result�:/a=lol%p%:/b%p=foo%p%p:/a/b%eyyy=result�:/a/b%eyyy�=sec%creteh
+/a/b%eyyy=result�:/a=lol%p%p:/b%p=foo%p%p:/a/b%eyyy=result�:/a/b%eyyy�=sec%creteh
diff --git a/consume/testcases/pecsplit.0.plain-pc.in b/consume/testcases/pecsplit.0.plain-pc.in
deleted file mode 100644
index eb23270..0000000
--- a/consume/testcases/pecsplit.0.plain-pc.in
+++ /dev/null
@@ -1,3 +0,0 @@
-/a/d
-/b/1234
-/a/b%?yyy/xxx
diff --git a/consume/testcases/pecsplit.0.plain-pc.out b/consume/testcases/pecsplit.0.plain-pc.out
deleted file mode 100644
index ae70991..0000000
--- a/consume/testcases/pecsplit.0.plain-pc.out
+++ /dev/null
@@ -1,3 +0,0 @@
-lol/d
-foo/1234
-secrete%h/xxx
diff --git a/consume/testcases/pecsplit.0.short-pc.in b/consume/testcases/pecsplit.0.short-pc.in
deleted file mode 100644
index 1d712d5..0000000
--- a/consume/testcases/pecsplit.0.short-pc.in
+++ /dev/null
@@ -1,4 +0,0 @@
-/a/d
-/b/1234
-/b%/1234
-/a/b=yyy%/xxx
diff --git a/consume/testcases/pecsplit.0.short-pc.out b/consume/testcases/pecsplit.0.short-pc.out
deleted file mode 100644
index 1ea2a3c..0000000
--- a/consume/testcases/pecsplit.0.short-pc.out
+++ /dev/null
@@ -1,4 +0,0 @@
-lol%%/d
-/b/1234
-foo%%/1234
-sec:reteh/xxx
diff --git a/consume/testcases/pecsplit.1.long-pc.env b/consume/testcases/pecsplit.1.long-pc.env
new file mode 100644
index 0000000..c77c65e
--- /dev/null
+++ b/consume/testcases/pecsplit.1.long-pc.env
@@ -0,0 +1 @@
+/a/b%eyyy=ERROR:/a=lol%p:/b%p=foo%%%%p+:/a/b%eyyy=secreteh
diff --git a/consume/testcases/pecsplit.0.allbytes-ok.in b/consume/testcases/pecsplit.1.long-pc.in
similarity index 100%
copy from consume/testcases/pecsplit.0.allbytes-ok.in
copy to consume/testcases/pecsplit.1.long-pc.in
diff --git a/consume/testcases/pecsplit.1.many-=-not-ok.out b/consume/testcases/pecsplit.1.long-pc.out
similarity index 100%
copy from consume/testcases/pecsplit.1.many-=-not-ok.out
copy to consume/testcases/pecsplit.1.long-pc.out
diff --git a/consume/testcases/pecsplit.0.plain-pc.env b/consume/testcases/pecsplit.1.plain-pc.env
similarity index 100%
rename from consume/testcases/pecsplit.0.plain-pc.env
rename to consume/testcases/pecsplit.1.plain-pc.env
diff --git a/consume/testcases/pecsplit.0.allbytes-ok.in b/consume/testcases/pecsplit.1.plain-pc.in
similarity index 100%
copy from consume/testcases/pecsplit.0.allbytes-ok.in
copy to consume/testcases/pecsplit.1.plain-pc.in
diff --git a/consume/testcases/pecsplit.1.many-=-not-ok.out b/consume/testcases/pecsplit.1.plain-pc.out
similarity index 100%
copy from consume/testcases/pecsplit.1.many-=-not-ok.out
copy to consume/testcases/pecsplit.1.plain-pc.out
diff --git a/consume/testcases/pecsplit.0.short-pc.env b/consume/testcases/pecsplit.1.short-pc.env
similarity index 100%
rename from consume/testcases/pecsplit.0.short-pc.env
rename to consume/testcases/pecsplit.1.short-pc.env
diff --git a/consume/testcases/pecsplit.0.allbytes-ok.in b/consume/testcases/pecsplit.1.short-pc.in
similarity index 100%
copy from consume/testcases/pecsplit.0.allbytes-ok.in
copy to consume/testcases/pecsplit.1.short-pc.in
diff --git a/consume/testcases/pecsplit.1.many-=-not-ok.out b/consume/testcases/pecsplit.1.short-pc.out
similarity index 100%
copy from consume/testcases/pecsplit.1.many-=-not-ok.out
copy to consume/testcases/pecsplit.1.short-pc.out

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/build-path-prefix-map-spec.git

More information about the Reproducible-commits mailing list