From: Alexey Tourbin
To: ALT Devel discussion list
Date: Tue, 25 Mar 2008 05:50:03 +0300
Subject: Re: [devel] bad paths in rpm packages
Message-ID: <20080325025003.GJ31135@solemn.turbinal>
In-Reply-To: <20080324232051.GC21713@wo.int.altlinux.org>

On Tue, Mar 25, 2008 at 02:20:51AM +0300, Dmitry V. Levin wrote:
> > > > $ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /. pear-core.spec
> > > > %pear_dir/.*
> > >
> > > We simply need to add a check to rpm-build.
> > > A similar check, that all paths start from the root,
> > > is already there.  Such packages simply must not build.
> >
> > Take a closer look.
> > It seems to me this is (also) a problem with the glob for %files.
>
> That too.

Actually, the question arose of how to determine
whether a path is canonical or not.  I had to write an automaton (see below).
But then another problem surfaced: a path can be canonical but not kosher.
rpm allows a non-kosher path to be packaged:

%install
install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
ln -s rc.d/init.d %buildroot/etc/init.d
%files
/etc/init.d/functions

$ rpm -bb test.spec
...
warning: Installed (but unpackaged) file(s) found:
    /etc/init.d
    /etc/rc.d/init.d/functions
Wrote: /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
$ rpm -qlvp /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
-rwxr-xr-x 1 root root 0 Mar 20 18:50 /etc/init.d/functions
$

Whichever way you turn, you're stuck.
And you say "riddle".

commit 44a9bc68edcc01c08a2483dd90b2159fe9b35e36
Author: Alexey Tourbin
Date:   Tue Mar 25 05:33:59 2008 +0300

    file.c (addFile): file path must be canonical (new function pathIsCanonical)

diff --git a/build/files.c b/build/files.c index 114d575..35d34be 100644 --- a/build/files.c +++ b/build/files.c 
@@ -1487,6 +1487,66 @@ static /*@null@*/ FileListRec freeFileList(/*@only@*= / FileListRec fileList, return NULL; } =20 +/* Written by Alexey Tourbin! */ +static int pathIsCanonical(const char *path) +{ + enum { + ST_NONE, + ST_SLASH, + ST_SLASHDOT, + ST_SLASHDOTDOT + } state =3D ST_NONE; + const char *p =3D path; + while (1) { + int c =3D *p; + switch (c) { + case '/': + switch (state) { + case ST_SLASH: + case ST_SLASHDOT: + case ST_SLASHDOTDOT: + return 0; + default: + state =3D ST_SLASH; + break; + } + break; + case '.': + switch (state) { + case ST_SLASH: + state =3D ST_SLASHDOT; + break; + case ST_SLASHDOT: + state =3D ST_SLASHDOTDOT; + break; + default: + state =3D ST_NONE; + break; + } + break; + case '\0': + switch (state) { + case ST_SLASHDOT: + case ST_SLASHDOTDOT: + return 0; + case ST_SLASH: + if (p > path + 1) + return 0; + return 1; + default: + return 1; + } + break; + default: + state =3D ST_NONE; + break; + } + p++; + } + /* not reachable */ + return 0; +} + /** * Add a file to the package manifest. * @param fl package file tree walk data @@ -1553,6 +1613,13 @@ static int addFile(FileList fl, const char * diskURL, return RPMERR_BADSPEC; } =20 + if (!pathIsCanonical(fileURL)) { + rpmError(RPMERR_BADSPEC, + _("File path must be canonical: %s\n"), fileURL); + fl->processingFailed =3D 1; + return RPMERR_BADSPEC; + } + /* If we are using a prefix, validate the file */ if (!fl->inFtw && fl->prefix) { const char *prefixTest; --v4FgCkd4vT7RadTR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iEYEARECAAYFAkfoaFsACgkQfBKgtDjnu0Yd+wCeNd3cnOM9hOy5Cp2CMmbMu9gH pb4AnRoPrkaIHcTCghFaCWrVYpwhOhVV =63WG -----END PGP SIGNATURE----- --v4FgCkd4vT7RadTR--
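
Review bot: pathIsCanonical starts in ST_NONE, so a '.' or '..' at the very beginning of the string is never treated as a path component: "./x", "../x", "." and "" all return 1. If the function relies on addFile having already rejected paths that do not begin with '/', state that precondition in a comment above it (the only comment at present is the authorship line, and nothing says which forms count as non-canonical); otherwise add a start state whose '.' transition matches ST_SLASH. Two smaller points: the `break` after the inner switch under `case '\0'` and the `return 0` after `while (1)` are dead code, and the check is purely lexical, so it does not cover the symlinked-directory case described in the mail.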
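
Review bot: The error raised in addFile, "File path must be canonical: %s", does not say which rule the path broke, although pathIsCanonical rejects four different things (an empty component "//", a "." component, a ".." component, and a trailing slash on anything other than "/"). Having pathIsCanonical report the reason, or at least spelling the rules out in the message, would save packagers a trip to the source. It is also worth confirming that fileURL never reaches this point with a trailing slash from a directory entry in %files, because such entries would now fail the build.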
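
The "canonical but not kosher" case from the mail, as an added example that is not part of the original message or of rpm: a lexically canonical path can still pass through a symlinked directory in the buildroot, and catching that needs lstat() on each parent directory. pathCrossesSymlink and checkInSampleBuildroot are hypothetical names, and the sample buildroot is constructed from the %install lines in the mail.

```c
#define _XOPEN_SOURCE 700   /* for lstat() and mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper, not an rpm function.  `path` must be absolute and
 * lexically canonical.  Returns 1 if a parent directory of `path` under
 * `root` is a symlink, 0 if none is, -1 on bad input or lstat failure. */
static int pathCrossesSymlink(const char *root, const char *path)
{
    char buf[4096];
    size_t rootlen = strlen(root);
    const char *p;
    struct stat st;
    if (path[0] != '/' || rootlen + strlen(path) >= sizeof(buf))
        return -1;
    memcpy(buf, root, rootlen);
    strcpy(buf + rootlen, path);
    /* Each '/' after the leading one ends one parent directory. */
    for (p = strchr(path + 1, '/'); p; p = strchr(p + 1, '/')) {
        size_t cut = rootlen + (size_t)(p - path);
        buf[cut] = '\0';            /* truncate to this parent */
        if (lstat(buf, &st) != 0)
            return -1;
        if (S_ISLNK(st.st_mode))
            return 1;
        buf[cut] = '/';             /* restore and continue */
    }
    return 0;
}

/* Builds the layout from the %install section in the mail in a temporary
 * directory (constructed sample), checks `path` against it, cleans up. */
static int checkInSampleBuildroot(const char *path)
{
    char root[] = "/tmp/buildrootXXXXXX", cmd[256];
    int rc;
    if (!mkdtemp(root))
        return -1;
    snprintf(cmd, sizeof(cmd), "mkdir -p %s/etc/rc.d/init.d && "
             ": > %s/etc/rc.d/init.d/functions && "
             "ln -s rc.d/init.d %s/etc/init.d", root, root, root);
    rc = system(cmd) == 0 ? pathCrossesSymlink(root, path) : -1;
    snprintf(cmd, sizeof(cmd), "rm -rf %s", root);
    if (system(cmd) != 0)
        return -1;
    return rc;
}
```

Only parent directories are checked, so packaging the symlink /etc/init.d itself is still accepted.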