xbps-create: always sanitize gathered symlinks.

Added a new test case.

Close #199
This commit is contained in:
Juan RP 2019-12-27 23:05:07 +01:00
parent 166caab986
commit 67707657a4
2 changed files with 45 additions and 9 deletions

View File

@ -388,8 +388,9 @@ ftw_cb(const char *fpath, const struct stat *sb, const struct dirent *dir UNUSED
* which might be provided in another package. * which might be provided in another package.
* So let's use the same target. * So let's use the same target.
*/ */
xe->target = strdup(buf); xe->target = xbps_sanitize_path(buf);
xbps_dictionary_set_cstring(fileinfo, "target", buf); assert(xe->target);
xbps_dictionary_set_cstring(fileinfo, "target", xe->target);
} else { } else {
/* /*
* Sanitize destdir just in case. * Sanitize destdir just in case.
@ -397,10 +398,14 @@ ftw_cb(const char *fpath, const struct stat *sb, const struct dirent *dir UNUSED
if ((p2 = realpath(destdir, NULL)) == NULL) if ((p2 = realpath(destdir, NULL)) == NULL)
die("failed to sanitize destdir %s: %s", destdir, strerror(errno)); die("failed to sanitize destdir %s: %s", destdir, strerror(errno));
xe->target = strdup(p+strlen(p2));
xbps_dictionary_set_cstring(fileinfo, "target", p+strlen(p2)); p2 = strdup(p+strlen(p2));
free(p2); assert(p2);
xe->target = xbps_sanitize_path(p2);
assert(xe->target);
xbps_dictionary_set_cstring(fileinfo, "target", xe->target);
free(p); free(p);
free(p2);
} }
} else if (buf[0] != '/') { } else if (buf[0] != '/') {
/* relative path */ /* relative path */
@ -408,14 +413,17 @@ ftw_cb(const char *fpath, const struct stat *sb, const struct dirent *dir UNUSED
assert(p); assert(p);
dname = dirname(p); dname = dirname(p);
assert(dname); assert(dname);
xe->target = xbps_xasprintf("%s/%s", dname, buf);
p2 = xbps_xasprintf("%s/%s", dname, buf); p2 = xbps_xasprintf("%s/%s", dname, buf);
xbps_dictionary_set_cstring(fileinfo, "target", p2); assert(p2);
xe->target = xbps_sanitize_path(p2);
assert(xe->target);
xbps_dictionary_set_cstring(fileinfo, "target", xe->target);
free(p2); free(p2);
free(p); free(p);
} else { } else {
xe->target = strdup(buf); xe->target = xbps_sanitize_path(buf);
xbps_dictionary_set_cstring(fileinfo, "target", buf); assert(xe->target);
xbps_dictionary_set_cstring(fileinfo, "target", xe->target);
} }
assert(xe->target); assert(xe->target);
assert(xbps_dictionary_get(fileinfo, "target")); assert(xbps_dictionary_get(fileinfo, "target"));

View File

@ -58,6 +58,33 @@ symlink_relative_target_body() {
atf_check_equal $rv 0 atf_check_equal $rv 0
} }
atf_test_case symlink_sanitize
symlink_sanitize_head() {
atf_set "descr" "xbps-create(1): symlinks must be properly sanitized"
}
symlink_sanitize_body() {
mkdir -p repo pkg_A/usr/bin
ln -s //usr/bin pkg_A/bin
cd repo
xbps-create -A noarch -n foo-1.0_1 -s "foo pkg" ../pkg_A
atf_check_equal $? 0
cd ..
xbps-rindex -d -a repo/*.xbps
atf_check_equal $? 0
result="$(xbps-query -r root --repository=repo -f foo|tr -d '\n')"
expected="/bin -> /usr/bin"
rv=0
if [ "$result" != "$expected" ]; then
echo "result: $result"
echo "expected: $expected"
rv=1
fi
atf_check_equal $rv 0
}
atf_test_case symlink_relative_target_cwd atf_test_case symlink_relative_target_cwd
symlink_relative_target_cwd_head() { symlink_relative_target_cwd_head() {
@ -156,6 +183,7 @@ atf_init_test_cases() {
atf_add_test_case hardlinks_size atf_add_test_case hardlinks_size
atf_add_test_case symlink_relative_target atf_add_test_case symlink_relative_target
atf_add_test_case symlink_relative_target_cwd atf_add_test_case symlink_relative_target_cwd
atf_add_test_case symlink_sanitize
atf_add_test_case restore_mtime atf_add_test_case restore_mtime
atf_add_test_case reproducible_pkg atf_add_test_case reproducible_pkg
atf_add_test_case reject_fifo_file atf_add_test_case reject_fifo_file