diff --git a/vfs/ChangeLog b/vfs/ChangeLog index ba2010a32..0ba13acc2 100644 --- a/vfs/ChangeLog +++ b/vfs/ChangeLog @@ -1,3 +1,13 @@ +2004-08-22 Leonard den Ottolander + + * vfs/extfs/a.in: Quote parameters to calls to system/open that spawn + a shell. + * vfs/extfs/apt.in: Likewise. + * vfs/extfs/debd.in: Likewise. + * vfs/extfs/dpkg.in: Likewise. + * vfs/extfs/deba.in: Clean up earlier fixes to quotation of parameters. + * vfs/extfs/deb.in: Likewise. + 2004-08-24 Roland Illig * extfs.c (extfs_internal_stat): Fixed memory leaks introduced diff --git a/vfs/extfs/a.in b/vfs/extfs/a.in index cdf0df3a0..579441cb6 100644 --- a/vfs/extfs/a.in +++ b/vfs/extfs/a.in @@ -8,6 +8,13 @@ # # These mtools components must be in PATH for this to work + +sub quote { + $_ = shift(@_); + s/([^\w\/.+-])/\\$1/g; + return($_); +} + $mmd = "mmd"; $mrd = "mrd"; $mdel = "mdel"; @@ -15,7 +22,7 @@ $mdir = "mdir -a"; $mcopy = "mcopy -noQ"; $0 =~ s|.*/||; -$disk = $0; +$qdisk = quote($0); $ENV{MTOOLS_DATE_STRING} = "mm-dd-yyyy"; $ENV{MTOOLS_TWENTY_FOUR_HOUR_CLOCK} = "1"; @@ -29,29 +36,36 @@ SWITCH: for ( $ARGV[0] ) { /mkdir/ && do { shift; shift; exit 1 if scalar(@ARGV) != 1; - system("$mmd $disk:/$ARGV[0] >/dev/null"); + $qname = quote($ARGV[0]); + system("$mmd $qdisk:/$qname >/dev/null"); exit 0; }; /rmdir/ && do { shift; shift; exit 1 if scalar(@ARGV) != 1; - system("$mrd $disk:/$ARGV[0] >/dev/null"); + $qname = quote($ARGV[0]); + system("$mrd $qdisk:/$qname >/dev/null"); exit 0; }; /rm/ && do { shift; shift; exit 1 if scalar(@ARGV) != 1; - system("$mdel $disk:/$ARGV[0] >/dev/null"); + $qname = quote($ARGV[0]); + system("$mdel $qdisk:/$qname >/dev/null"); exit 0; }; /copyout/ && do { shift; shift; exit 1 if scalar(@ARGV) != 2; - ( $src, $dest ) = @ARGV; - system("$mcopy $disk:/$src $dest >/dev/null"); + ( $qsrc, $qdest ) = @ARGV; + $qsrc = quote($qsrc); + $qdest = quote($qdest); + system("$mcopy $qdisk:/$qsrc $qdest >/dev/null"); exit 0; }; /copyin/ && do { shift; shift; exit 1 if scalar(@ARGV) != 2; - ( $dest, $src ) = @ARGV; - system("$mcopy $src $disk:/$dest >/dev/null"); + ( $qdest, $qsrc ) = @ARGV; + $qsrc = quote($qsrc); + $qdest = quote($qdest); + system("$mcopy $qsrc $qdisk:/$qdest >/dev/null"); exit 0; }; /.*/ && do { # an unfamiliar command exit 1; }; @@ -59,11 +73,11 @@ SWITCH: for ( $ARGV[0] ) { sub get_dirs { my ($path, $name, $size, $date, $time, $longname, @lst, @rv); - $path = shift(@_); + my $qpath = quote($path); @rv = (); - open(FILE,"$mdir $disk:/$path |"); + open(FILE,"$mdir $qdisk:/$qpath |"); while ( ) { chomp(); /^ / && next; # ignore `non-file' lines diff --git a/vfs/extfs/apt.in b/vfs/extfs/apt.in index 553045810..60011e675 100644 --- a/vfs/extfs/apt.in +++ b/vfs/extfs/apt.in @@ -6,6 +6,12 @@ # # apt +sub quote { + $_ = shift(@_); + s/([^\w\/.+-])/\\$1/g; + return($_); +} + sub bt { my ($dt) = @_; @@ -229,14 +235,16 @@ sub list sub copyout { my($archive,$filename) = @_; + my $qarchive = quote($archive); + my $qfilename = quote($filename); if( $archive eq 'CHECK' ) { - system("apt-get -q check > $filename"); + system("apt-get -q check > $qfilename"); } elsif( $archive eq 'AVAILABLE' ) { - system("apt-cache dumpavail > $filename"); + system("apt-cache dumpavail > $qfilename"); } elsif( $archive eq 'STATS' ) { - system("apt-cache stats > $filename"); + system("apt-cache stats > $qfilename"); } elsif( $archive eq 'CONFIG' ) { - system("(apt-config dump 2>&1) > $filename"); + system("(apt-config dump 2>&1) > $qfilename"); } elsif( $archive eq 'UPDATE' ) { open O, ">$filename"; print O $pressupdate; @@ -246,12 +254,12 @@ sub copyout print O $pressupgrade; close O; } elsif( $archive eq 'apt.conf' ) { - system("cp /etc/apt/apt.conf $filename"); + system("cp /etc/apt/apt.conf $qfilename"); } elsif( $archive eq 'sources.list' ) { - system("cp /etc/apt/sources.list $filename"); + system("cp /etc/apt/sources.list $qfilename"); } elsif( $archive =~ /^CACHE\// ) { $archive =~ s%^CACHE/%/var/cache/apt/archives/%; - system("cp $archive $filename"); + system("cp $qarchive $qfilename"); } else { open O, ">$filename"; print O $archive, "\n"; @@ -262,15 +270,17 @@ sub copyout sub copyin { my($archive,$filename) = @_; + my $qarchive = quote($archive); + my $qfilename = quote($filename); if( $archive =~ /\.deb$/ ) { - system("dpkg -i $filename>/dev/null"); + system("dpkg -i $qfilename>/dev/null"); } elsif( $archive eq 'apt.conf' ) { - system("cp $filename /etc/apt/apt.conf"); + system("cp $qfilename /etc/apt/apt.conf"); } elsif( $archive eq 'sources.list' ) { - system("cp $filename /etc/apt/sources.list"); + system("cp $qfilename /etc/apt/sources.list"); } elsif( $archive =~ /^CACHE\// ) { - $archive =~ s%^CACHE/%/var/cache/apt/archives/%; - system("cp $filename $archive"); + $qarchive =~ s%^CACHE/%/var/cache/apt/archives/%; + system("cp $qfilename $qarchive"); } else { die "extfs: cannot create regular file \`$archive\': Permission denied\n"; } @@ -293,19 +303,20 @@ sub run sub rm { my($archive) = @_; + my $qarchive = quote($archive); if( $archive =~ /^CACHE\// ) { - $archive =~ s%^CACHE/%/var/cache/apt/archives/%; - system("rm -f $archive"); + $qarchive =~ s%^CACHE/%/var/cache/apt/archives/%; + system("rm -f $qarchive"); } elsif( $archive eq 'apt.conf' ) { system("rm -f /etc/apt/apt.conf"); } elsif( $archive eq 'sources.list' ) { system("rm -f /etc/apt/sources.list"); } elsif( $archive =~ /\.debd?$/ ) { # uncommented and changed to use dpkg - alpha - my $name = $archive; - $name =~ s%.*/%%g; - $name =~ s%_.*%%g; - system("dpkg --remove $name >/dev/null"); + my $qname = $qarchive; + $qname =~ s%.*/%%g; + $qname =~ s%_.*%%g; + system("dpkg --remove $qname >/dev/null"); die("extfs: $archive: Operation not permitted\n") if $? != 0; } else { die "extfs: $archive: Operation not permitted\n"; diff --git a/vfs/extfs/deb.in b/vfs/extfs/deb.in index eb7598f88..c79b653b6 100644 --- a/vfs/extfs/deb.in +++ b/vfs/extfs/deb.in @@ -19,6 +19,12 @@ # Copyright (C) 1997 Free Software Foundation # +sub quote { + $_ = shift(@_); + s/([^\w\/.+-])/\\$1/g; + return($_); +} + sub mcdebfs_list { # @@ -26,8 +32,7 @@ sub mcdebfs_list # Empty directories do not appear at all # local($archivename)=@_; - local $qarchivename = $archivename; - $qarchivename =~ s/([^\w\/.+-])/\\$1/g; + local $qarchivename = quote($archivename); chop($date=`LC_ALL=C date "+%b %d %Y %H:%M"`); chop($info_size=`dpkg -I $qarchivename | wc -c`); $install_size=length($pressinstall); @@ -111,12 +116,9 @@ sub mcdebfs_list sub mcdebfs_copyout { local($archive,$filename,$destfile)=@_; - local $qarchive = $archive; - $qarchive =~ s/([^\w\/.+-])/\\$1/g; - local $qfilename = $filename; - $qfilename =~ s/([^\w\/.+-])/\\$1/g; - local $qdestfile = $destfile; - $qdestfile =~ s/([^\w\/.+-])/\\$1/g; + local $qarchive = quote($archive); + local $qfilename = quote($filename); + local $qdestfile = quote($destfile); if($filename eq "INFO") { @@ -125,7 +127,7 @@ sub mcdebfs_copyout } elsif($filename =~ /^DEBIAN/) { - $filename=~s!^DEBIAN/!!; + $qfilename=~s!^DEBIAN/!!; system("dpkg-deb -I $qarchive $qfilename > $qdestfile"); # end from Patrik Rak @@ -142,7 +144,7 @@ sub mcdebfs_copyout else { # files can be prepended with ./ or not, depending on the version of tar - $filename=~s!^CONTENTS/!!; + $qfilename=~s!^CONTENTS/!!; system("dpkg-deb --fsys-tarfile $qarchive | tar xOf - $qfilename ./$qfilename > $qdestfile 2>/dev/null"); } } @@ -150,8 +152,7 @@ sub mcdebfs_copyout sub mcdebfs_run { local($archive,$filename)=@_; - local $qarchive = $archive; - $qarchive =~ s/([^\w\/.+-])/\\$1/g; + local $qarchive = quote($archive); if($filename eq "INSTALL") { print "Installing $archive\n"; diff --git a/vfs/extfs/deba.in b/vfs/extfs/deba.in index 15530b3f2..451718fd9 100644 --- a/vfs/extfs/deba.in +++ b/vfs/extfs/deba.in @@ -6,10 +6,16 @@ # # deba +sub quote { + $_ = shift(@_); + s/([^\w\/.+-])/\\$1/g; + return($_); +} + sub list { my($qarchive)=@_; - $qarchive =~ s/([^\w\/.+-])/\\$1/g; + $qarchive = quote($qarchive); chop($date=`LC_ALL=C date "+%b %d %Y %H:%M"`); chop($info_size=`apt-cache show $qarchive | wc -c`); $install_size=length($pressinstall); @@ -29,10 +35,8 @@ sub list sub copyout { my($archive,$filename,$destfile)=@_; - my $qarchive = $archive; - $qarchive =~ s/([^\w\/.+-])/\\$1/g; - my $qdestfile = $destfile; - $qdestfile =~ s/([^\w\/.+-])/\\$1/g; + my $qarchive = quote($archive); + my $qdestfile = quote($destfile); if($filename eq "INFO") { system("apt-cache show $qarchive > $qdestfile"); } elsif($filename eq "INSTALL") { @@ -55,8 +59,7 @@ sub copyout sub run { my($archive,$filename)=@_; - my $qarchive = $archive; - $qarchive =~ s/([^\w\/.+-])/\\$1/g; + my $qarchive = quote($archive); if($filename eq "INSTALL") { system("apt-get install $qarchive"); } elsif($filename eq "UPGRADE") { diff --git a/vfs/extfs/debd.in b/vfs/extfs/debd.in index ad8e4da64..d06be1f45 100644 --- a/vfs/extfs/debd.in +++ b/vfs/extfs/debd.in @@ -6,6 +6,12 @@ # # debd +sub quote { + $_ = shift(@_); + s/([^\w\/.+-])/\\$1/g; + return($_); +} + sub bt { my ($dt) = @_; @@ -102,8 +108,9 @@ sub ls { sub list { my($archive)=@_; + my $qarchive = quote($archive); chop($date=`LC_ALL=C date "+%b %d %Y %H:%M"`); - chop($info_size=`dpkg -s $archive | wc -c`); + chop($info_size=`dpkg -s $qarchive | wc -c`); $repack_size=length($pressrepack); $reinstall_size=length($pressreinstall); $remove_size=length($pressremove); @@ -118,7 +125,7 @@ sub list print "-r--r--r-- 1 root root $info_size $date INFO\n"; print "-r-xr--r-- 1 root root $purge_size $date DPKG-PURGE\n"; - chop($status = `dpkg -s $archive | grep ^Status`); + chop($status = `dpkg -s $qarchive | grep ^Status`); if( $status =~ /deinstall/ ) { print "-r-xr--r-- 1 root root $select_size $date DPKG-SELECT\n"; } elsif( $status =~ /install/ ) { @@ -141,7 +148,7 @@ sub list - if ( open(PIPEIN, "LANG=C ls -l /var/lib/dpkg/info/$archive.* |") ) { + if ( open(PIPEIN, "LANG=C ls -l /var/lib/dpkg/info/$qarchive.* |") ) { while() { chop; next if /\.list$/; @@ -163,35 +170,38 @@ sub list sub copyout { my($archive,$filename,$destfile)=@_; + my $qarchive = quote($archive); + my $qfilename = quote($filename); + my $qdestfile = quote($destfile); if($filename eq "INFO") { - system("dpkg -s $archive > $destfile"); + system("dpkg -s $qarchive > $qdestfile"); } elsif($filename eq "DPKG-REPACK") { if ( open(FILEOUT,">$destfile") ) { print FILEOUT $pressrepack; close FILEOUT; - system("chmod a+x $destfile"); + system("chmod a+x $qdestfile"); } } elsif($filename =~ /^DEBIAN/) { $filename=~s!^DEBIAN/!!; - system("cat /var/lib/dpkg/info/$archive.$filename > $destfile"); + system("cat /var/lib/dpkg/info/$qarchive.$qfilename > $qdestfile"); } elsif($filename eq "DPKG-REMOVE" || $filename eq "APT-REMOVE") { if ( open(FILEOUT,">$destfile") ) { print FILEOUT $pressremove; close FILEOUT; - system("chmod a+x $destfile"); + system("chmod a+x $qdestfile"); } } elsif($filename eq "DPKG-PURGE" || $filename eq "APT-PURGE") { if ( open(FILEOUT,">$destfile") ) { print FILEOUT $presspurge; close FILEOUT; - system("chmod a+x $destfile"); + system("chmod a+x $qdestfile"); } } elsif($filename eq "DPKG-RECONFIGURE") { if ( open(FILEOUT,">$destfile") ) { print FILEOUT $pressreconfigure; close FILEOUT; - system("chmod a+x $destfile"); + system("chmod a+x $qdestfile"); } } elsif($filename eq "APT-REINSTALL") { if ( open(FILEOUT,">$destfile") ) { @@ -209,41 +219,43 @@ sub copyout if ( open(FILEOUT,">$destfile") ) { print FILEOUT $pressunselect; close FILEOUT; - system("chmod a+x $destfile"); + system("chmod a+x $qdestfile"); } } else { - $filename=~s!^CONTENTS!!; - system("cat $filename > $destfile"); + $qfilename=~s!^CONTENTS!!; + system("cat $qfilename > $qdestfile"); } } sub run { my($archive,$filename)=@_; + my $qarchive = quote($archive); + my $qfilename = quote($filename); if($filename eq "DPKG-REMOVE") { - system("dpkg --remove $archive"); + system("dpkg --remove $qarchive"); } elsif($filename eq "APT-REMOVE") { - system("apt-get remove $archive"); + system("apt-get remove $qarchive"); } elsif($filename eq "DPKG-PURGE") { - system("dpkg --purge $archive"); + system("dpkg --purge $qarchive"); } elsif($filename eq "APT-PURGE") { - system("apt-get --purge remove $archive"); + system("apt-get --purge remove $qarchive"); } elsif($filename eq "DPKG-REPACK") { - system("dpkg-repack $archive"); + system("dpkg-repack $qarchive"); } elsif($filename eq "DPKG-SELECT") { - system("echo $archive install | dpkg --set-selections"); + system("echo $aqrchive install | dpkg --set-selections"); } elsif($filename eq "DPKG-UNSELECT") { - system("echo $archive deinstall | dpkg --set-selections"); + system("echo $qarchive deinstall | dpkg --set-selections"); } elsif($filename eq "APT-REINSTALL") { - system("apt-get -u --reinstall install $archive"); + system("apt-get -u --reinstall install $qarchive"); } elsif($filename eq "DPKG-RECONFIGURE") { - system("dpkg-reconfigure $archive"); + system("dpkg-reconfigure $qarchive"); } elsif($filename=~/^DEBIAN/) { $filename=~s!^DEBIAN!!; - system("/var/lib/dpkg/info/$archive.$filename"); + system("/var/lib/dpkg/info/$qarchive.$qfilename"); } else { - $filename=~s!^CONTENTS!!; - system($filename); + $qfilename=~s!^CONTENTS!!; + system($qfilename); } } diff --git a/vfs/extfs/dpkg.in b/vfs/extfs/dpkg.in index 3e98793d0..048862ee5 100644 --- a/vfs/extfs/dpkg.in +++ b/vfs/extfs/dpkg.in @@ -6,6 +6,12 @@ # # dpkg +sub quote { + $_ = shift(@_); + s/([^\w\/.+-])/\\$1/g; + return($_); +} + sub bt { my ($dt) = @_; @@ -183,20 +189,21 @@ sub list sub copyout { my($archive,$filename) = @_; + my $qfilename = quote($filename); if( $archive eq 'DIVERSIONS' ) { - system("dpkg-divert --list > $filename 2>/dev/null"); + system("dpkg-divert --list > $qfilename 2>/dev/null"); } elsif( $archive eq 'ARCHITECTURE' ) { - system("dpkg-architecture > $filename 2>/dev/null"); + system("dpkg-architecture > $qfilename 2>/dev/null"); } elsif( $archive eq 'LIST' ) { - system("dpkg -l '*' > $filename 2>/dev/null"); + system("dpkg -l '*' > $qfilename 2>/dev/null"); } elsif( $archive eq 'AUDIT' ) { - system("dpkg --audit > $filename 2>/dev/null"); + system("dpkg --audit > $qfilename 2>/dev/null"); } elsif( $archive eq 'GET-SELECTIONS' ) { - system("dpkg --get-selections > $filename 2>/dev/null"); + system("dpkg --get-selections > $qfilename 2>/dev/null"); } elsif( $archive eq 'STATUS' ) { - system("cp /var/lib/dpkg/status $filename"); + system("cp /var/lib/dpkg/status $qfilename"); } elsif( $archive eq 'AVAILABLE' ) { - system("cp /var/lib/dpkg/available $filename"); + system("cp /var/lib/dpkg/available $qfilename"); } elsif( $archive eq 'CONFIGURE' ) { open O, ">$filename"; print O $pressconfigure; @@ -224,8 +231,9 @@ sub copyout sub copyin { my($archive,$filename) = @_; + my $qfilename = quote($filename); if( $archive =~ /\.deb$/ ) { - system("dpkg -i $filename>/dev/null"); + system("dpkg -i $qfilename>/dev/null"); } else { die "extfs: cannot create regular file \`$archive\': Permission denied\n"; } @@ -252,12 +260,12 @@ sub rm_disabled { my($archive) = @_; if( $archive =~ /\.debd?$/ ) { - my $name = $archive; - $name =~ s%.*/%%g; - $name =~ s%_.*%%g; - system("if dpkg -s $name | grep ^Status | grep -qs config-files; \ - then dpkg --purge $name>/dev/null; \ - else dpkg --remove $name>/dev/null; fi"); + my $qname = quote($archive); + $qname =~ s%.*/%%g; + $qname =~ s%_.*%%g; + system("if dpkg -s $qname | grep ^Status | grep -qs config-files; \ + then dpkg --purge $qname>/dev/null; \ + else dpkg --remove $qname>/dev/null; fi"); die("extfs: $archive: Operation not permitted\n") if $? != 0; } else { die "extfs: $archive: Operation not permitted\n";