From e6b04d9ffd8bef2482ab61957c138ae92527206d Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Wed, 13 Mar 2019 17:15:03 -0400 Subject: Protect [ commands from strings beginning with "-" --- diff --git a/TODO b/TODO index 1bb124c..f868293 100644 --- a/TODO +++ b/TODO @@ -6,7 +6,6 @@ General Cleanup * General code auditing and cleanup: - Protect against command operands beginning with "-", e.g.: - * `[ "x${foo}" = 'xbar' ]` instead of `[ "${foo}" = 'bar' ]` * `mkdir -p -- "${foo}"` instead of `mkdir -p "${foo}"` - Add more error handling. * Write manual pages for functions and utilities. diff --git a/lib/changelog.sh b/lib/changelog.sh index 56a53e7..c42c769 100644 --- a/lib/changelog.sh +++ b/lib/changelog.sh @@ -84,11 +84,11 @@ ob_parse_changelog() line_nr=$(($line_nr + 1)) case "${line}" in '') - if [ "${expect}" = 'start_changes' ]; then + if [ x"${expect}" = x'start_changes' ]; then changes="${changes}${_OB_LF}${line}" - elif [ "${expect}" = 'next_or_eof' ]; then + elif [ x"${expect}" = x'next_or_eof' ]; then : - elif [ "${expect}" != 'changes_or_trailer' ]; then + elif [ x"${expect}" != x'changes_or_trailer' ]; then _ob_parse_changelog_error "${file}" "${line_nr}" \ 'changelog_found_blank_line' \ "$(_ob_get_changelog_expect_str "${expect}")" @@ -97,8 +97,8 @@ ob_parse_changelog() fi ;; [!\ ]*) - if [ "${expect}" != 'first_heading' -a \ - "${expect}" != 'next_or_eof' ]; then + if [ x"${expect}" != x'first_heading' -a \ + x"${expect}" != x'next_or_eof' ]; then _ob_parse_changelog_error "${file}" "${line_nr}" \ 'changelog_found_heading' \ "$(_ob_get_changelog_expect_str "${expect}")" @@ -134,7 +134,7 @@ ob_parse_changelog() blank_lines='' ;; ' -- '*) - if [ "${expect}" != 'changes_or_trailer' ]; then + if [ x"${expect}" != x'changes_or_trailer' ]; then _ob_parse_changelog_error "${file}" "${line_nr}" \ 'changelog_found_trailer' \ "$(_ob_get_changelog_expect_str "${expect}")" 
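Review bot: The two-comparison conditions in `ob_parse_changelog()` still join their tests with `-a` inside a single `[`. This occurs in the `[!\ ]*)` branch at `@@ -97,8`, in the `' '*)` branch at `@@ -162,8`, and with `-o` in `main()` of `src/opkbuild.sh`. POSIX marks `-a`/`-o` obsolescent and leaves the result unspecified once `[` receives more than four arguments, so these forms rely entirely on the new `x` prefix to stay unambiguous. Two separate three-argument tests are fully specified and easier to audit: `if [ x"${expect}" != x'first_heading' ] && [ x"${expect}" != x'next_or_eof' ]; then`. The function bodies begin and end outside these hunks.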
@@ -162,8 +162,8 @@ ob_parse_changelog() 'changelog_bad_trailer' ;; ' '*) - if [ "${expect}" != 'start_changes' -a \ - "${expect}" != 'changes_or_trailer' ]; then + if [ x"${expect}" != x'start_changes' -a \ + x"${expect}" != x'changes_or_trailer' ]; then _ob_parse_changelog_error "${file}" "${line_nr}" \ 'changelog_found_change' \ "$(_ob_get_changelog_expect_str "${expect}")" @@ -182,7 +182,7 @@ ob_parse_changelog() $(cat "${file}") EOF - if [ "${expect}" != 'next_or_eof' ]; then + if [ x"${expect}" != x'next_or_eof' ]; then _ob_parse_changelog_error "${file}" "${line_nr}" \ 'changelog_found_eof' \ "$(_ob_get_changelog_expect_str "${expect}")" diff --git a/lib/metadata.sh b/lib/metadata.sh index e22a6e7..c8201ae 100644 --- a/lib/metadata.sh +++ b/lib/metadata.sh @@ -170,8 +170,8 @@ ob_match_arch() for field_arch in ${arch_field}; do # "all" == "all" - if [ "${match_arch}" = 'all' ]; then - if [ "${field_arch}" = 'all' ]; then + if [ x"${match_arch}" = x'all' ]; then + if [ x"${field_arch}" = x'all' ]; then return 0 else continue @@ -179,7 +179,7 @@ ob_match_arch() fi # "foo-bar-baz" == "any" - if [ "${field_arch}" = 'any' ]; then + if [ x"${field_arch}" = x'any' ]; then return 0 fi @@ -215,17 +215,17 @@ ob_match_plat() local p= for p in ${plat_field}; do - if [ "${plat}" = 'all' ]; then - if [ "${p}" = 'all' ]; then + if [ x"${plat}" = x'all' ]; then + if [ x"${p}" = x'all' ]; then return 0 else continue fi fi - if [ "${p}" = 'any' ]; then + if [ x"${p}" = x'any' ]; then return 0 fi - if [ "${p}" = "${plat}" ]; then + if [ x"${p}" = x"${plat}" ]; then return 0 fi done @@ -242,10 +242,10 @@ ob_arch_is_concerned() local not_arch= local seen_arch= - if [ "x${arches}" = 'x' ]; then + if [ x"${arches}" = x'' ]; then return 0 - elif [ "x${host_arch}" = 'xall' ]; then - if [ "x${arches}" = 'xall' ]; then + elif [ x"${host_arch}" = x'all' ]; then + if [ x"${arches}" = x'all' ]; then return 0 else return 1 
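Review bot: The loop word lists `for field_arch in ${arch_field}` (`ob_match_arch()`, `@@ -170,8`) and `for p in ${plat_field}` (`ob_match_plat()`, `@@ -215,17`) are expanded unquoted, so each word also undergoes pathname expansion before it reaches the comparisons this commit hardens. The same applies to `for arch in ${arches}` and `for plat in ${plats}` in the `@@ -254,7` and `@@ -292,7` hunks. If these fields come from package metadata that is not validated earlier (not visible here), a word such as `*` would be replaced by file names from the current directory and matched as if it were an architecture or platform. Disabling pathname expansion for these loops (`set -f`, restored on every return path, since the loops `return 0` early) keeps the intended field splitting and removes the glob step. All four functions begin and end outside the hunks.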
@@ -254,7 +254,7 @@ ob_arch_is_concerned() seen_arch=1 for arch in ${arches}; do not_arch="${arch#!}" - if [ "${not_arch}" != "${arch}" ]; then + if [ x"${not_arch}" != x"${arch}" ]; then if ob_match_arch "${host_arch}" "${not_arch}" then seen_arch=1 @@ -280,10 +280,10 @@ ob_plat_is_concerned() local not_plat= local seen_plat= - if [ "x${plats}" = 'x' ]; then + if [ x"${plats}" = x'' ]; then return 0 - elif [ "x${host_plat}" = 'xall' ]; then - if [ "x${plats}" = 'xall' ]; then + elif [ x"${host_plat}" = x'all' ]; then + if [ x"${plats}" = x'all' ]; then return 0 else return 1 @@ -292,7 +292,7 @@ ob_plat_is_concerned() seen_plat=1 for plat in ${plats}; do not_plat="${plat#!}" - if [ "${not_plat}" != "${plat}" ]; then + if [ x"${not_plat}" != x"${plat}" ]; then if ob_match_plat "${host_plat}" "${not_plat}" then seen_plat=1 diff --git a/src/ob-buildenv.sh b/src/ob-buildenv.sh index e224c54..dd16146 100644 --- a/src/ob-buildenv.sh +++ b/src/ob-buildenv.sh @@ -43,7 +43,7 @@ setup_toolchain() { # This check is done to allow at least native building on unsupported OSes. # It may be removed in the future. - if [ "${OPK_BUILD_ARCH}" != "${OPK_HOST_ARCH}" ]; then + if [ x"${OPK_BUILD_ARCH}" != x"${OPK_HOST_ARCH}" ]; then tool_prefix="${OPK_HOST_ARCH}-" else tool_prefix='' diff --git a/src/ob-buildopk.sh b/src/ob-buildopk.sh index 670740f..cfe7585 100644 --- a/src/ob-buildopk.sh +++ b/src/ob-buildopk.sh @@ -54,9 +54,9 @@ main() else for pkg in ${OPK_PACKAGES_REDUCED}; do arch="$(ob_get_binary_parameter "${pkg}" 'Architecture')" - [ "${arch}" != 'all' ] && arch="${OPK_HOST_ARCH}" + [ x"${arch}" != x'all' ] && arch="${OPK_HOST_ARCH}" plat="$(ob_get_binary_parameter "${pkg}" 'Platform')" - [ "${plat}" != 'all' ] && plat="${OPK_HOST_PLAT}" + [ x"${plat}" != x'all' ] && plat="${OPK_HOST_PLAT}" build_opk "${pkg}" "${OPK_BINARY_VERSION}" "${arch}" "${plat}" done fi diff --git a/src/ob-genchanges.sh b/src/ob-genchanges.sh index 37f96a9..db76027 100644 --- a/src/ob-genchanges.sh 
+++ b/src/ob-genchanges.sh @@ -73,9 +73,9 @@ write_files_bin() printf 'Files:\n' >&3 for pkg in ${OPK_PACKAGES_REDUCED}; do arch="$(ob_get_binary_parameter "${pkg}" 'Architecture')" - [ "${arch}" != 'all' ] && arch="${OPK_HOST_ARCH}" + [ x"${arch}" != x'all' ] && arch="${OPK_HOST_ARCH}" plat="$(ob_get_binary_parameter "${pkg}" 'Platform')" - [ "${plat}" != 'all' ] && plat="${OPK_HOST_PLAT}" + [ x"${plat}" != x'all' ] && plat="${OPK_HOST_PLAT}" file="${pkg}_${version}_${arch}_${plat}.opk" printf ' %s %s %s\n' \ "$(wc -c "../../${file}" | cut -d ' ' -f 1)" \ diff --git a/src/ob-gencontrol.sh b/src/ob-gencontrol.sh index 551e6de..434e491 100644 --- a/src/ob-gencontrol.sh +++ b/src/ob-gencontrol.sh @@ -182,9 +182,9 @@ main() for pkg in ${OPK_PACKAGES_REDUCED}; do ob_set_package_substvars "${pkg}" arch="$(ob_get_binary_parameter "${pkg}" 'Architecture')" - [ "${arch}" != 'all' ] && arch="${OPK_HOST_ARCH}" + [ x"${arch}" != x'all' ] && arch="${OPK_HOST_ARCH}" plat="$(ob_get_binary_parameter "${pkg}" 'Platform')" - [ "${plat}" != 'all' ] && plat="${OPK_HOST_PLAT}" + [ x"${plat}" != x'all' ] && plat="${OPK_HOST_PLAT}" desc="$(ob_get_binary_parameter "${pkg}" 'Description')" desc="$(ob_substvars "${desc}")" gen_control "${pkg}" "${OPK_BINARY_VERSION}" "${arch}" "${plat}" \ diff --git a/src/ob-installdocs.sh b/src/ob-installdocs.sh index 6b15e2c..cf67383 100644 --- a/src/ob-installdocs.sh +++ b/src/ob-installdocs.sh @@ -29,7 +29,7 @@ install_docs() for src in ${srcs}; do if [ -f "${src}" ]; then - if [ "${dest%/*}" != "${dest}" ]; then + if [ x"${dest%/*}" != x"${dest}" ]; then if ! mkdir -p "${data_doc_dir}/${dest%/*}"; then ob_error "$(ob_get_msg 'cant_make_doc_dir')" return 1 @@ -40,7 +40,7 @@ install_docs() return 1 fi elif [ -d "${src}" ]; then - if [ "${dest%/*}" != "${dest}" ]; then + if [ x"${dest%/*}" != x"${dest}" ]; then if ! mkdir -p "${data_doc_dir}/${dest%/*}"; then ob_error "$(ob_get_msg 'cant_make_doc_dir')" return 1 
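Review bot: The `mkdir -p "${data_doc_dir}/${dest%/*}"` calls directly below the two changed tests in `install_docs()` (`@@ -29,7` and `@@ -40,7`) still pass their operand without `--`. That is the other half of the TODO item this commit works on. `data_doc_dir` is built in `main()` as `"${pkg}.data/${doc_dir%/}"`, so a package name beginning with `-` would be parsed by `mkdir` as options; whether such a name can get this far depends on validation not shown here. Suggested: `if ! mkdir -p -- "${data_doc_dir}/${dest%/*}"; then`. `install_docs()` begins and ends outside the hunks.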
@@ -77,7 +77,7 @@ main() doc_dir="$(ob_get_system_path 'package-docs' \ "${pkg}" "${OPK_BINARY_VERSION}")" data_doc_dir="${pkg}.data/${doc_dir%/}" - if [ "${pkg}" = "${doc_pkg}" ]; then + if [ x"${pkg}" = x"${doc_pkg}" ]; then if [ -d "${data_doc_dir}" ]; then ob_info "$(ob_get_msg 'docs_already_installed')" "${pkg}" else diff --git a/src/opkbuild.sh b/src/opkbuild.sh index 6f3246b..affa6e2 100644 --- a/src/opkbuild.sh +++ b/src/opkbuild.sh @@ -394,11 +394,11 @@ main() setup_package || return 1 - if [ "${opt_build}" = 'source' -o "${opt_build}" = 'full' ]; then + if [ x"${opt_build}" = x'source' -o x"${opt_build}" = x'full' ]; then build_source || return 1 fi - if [ "${opt_build}" != 'source' ]; then + if [ x"${opt_build}" != x'source' ]; then print_arch_stats if "${opt_check_build_deps}"; then if ! "${BINDIR}/ob-checkbuilddeps"; then diff --git a/tests/ob_parse_dep.sh b/tests/ob_parse_dep.sh index 2ee6cbf..887f6f1 100755 --- a/tests/ob_parse_dep.sh +++ b/tests/ob_parse_dep.sh @@ -40,7 +40,7 @@ testcase() for comp in pkg archqual rel ver arches; do test_comp="$(eval "printf '%s' \"\${test_${comp}}\"")" good_comp="$(eval "printf '%s' \"\${${comp}}\"")" - if [ "${test_comp}" != "${good_comp}" ]; then + if [ x"${test_comp}" != x"${good_comp}" ]; then diag_ "$(printf 'Dependency "%s", component "%s":' \ "${dep}" "${comp}")" diag_ "$(printf ' "%s" != "%s"\n' \ diff --git a/tests/ob_reduce_deps.sh b/tests/ob_reduce_deps.sh index 833f8de..7030f07 100755 --- a/tests/ob_reduce_deps.sh +++ b/tests/ob_reduce_deps.sh 
@@ -28,107 +28,107 @@ plan_ 11 command_ok_ \ 'NORMAL LIST "foo, bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -a 'amd64-linux-glibc' \ 'foo, bar' \ )" = \ - 'foo, bar' \ + x'foo, bar' \ ] command_ok_ \ 'NORMAL LIST "foo,bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -a 'amd64-linux-glibc' \ 'foo,bar' \ )" = \ - 'foo, bar' \ + x'foo, bar' \ ] command_ok_ \ 'NORMAL LIST "foo, bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -a 'amd64-linux-glibc' \ 'foo, bar' \ )" = \ - 'foo, bar' \ + x'foo, bar' \ ] command_ok_ \ 'UNION LIST "foo, bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -u \ -a 'amd64-linux-glibc' \ 'foo, bar' \ )" = \ - 'foo, bar' \ + x'foo, bar' \ ] command_ok_ \ 'UNION LIST "foo,bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -u \ -a 'amd64-linux-glibc' \ 'foo,bar' \ )" = \ - 'foo, bar' \ + x'foo, bar' \ ] command_ok_ \ 'UNION LIST "foo, bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -u \ -a 'amd64-linux-glibc' \ 'foo, bar' \ )" = \ - 'foo, bar' \ + x'foo, bar' \ ] # Normal OR-lists. command_ok_ \ 'NORMAL LIST "foo | bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -a 'amd64-linux-glibc' \ 'foo | bar' \ )" = \ - 'foo | bar' \ + x'foo | bar' \ ] command_ok_ \ 'NORMAL LIST "foo|bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -a 'amd64-linux-glibc' \ 'foo|bar' \ )" = \ - 'foo | bar' \ + x'foo | bar' \ ] command_ok_ \ 'NORMAL LIST "foo | bar"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -a 'amd64-linux-glibc' \ 'foo | bar' \ )" = \ - 'foo | bar' \ + x'foo | bar' \ ] # Normal and union AND-lists with arch specs. 
command_ok_ \ 'NORMAL LIST "foo [amd64-linux-glibc], bar [!amd64-linux-glibc]"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -a 'amd64-linux-glibc' \ 'foo [amd64-linux-glibc], bar [!amd64-linux-glibc]' \ )" = \ - 'foo' \ + x'foo' \ ] command_ok_ \ 'UNION LIST "foo [amd64-linux-glibc], bar [!amd64-linux-glibc]"' -- \ - [ "$(ob_reduce_deps \ + [ x"$(ob_reduce_deps \ -u \ -a 'amd64-linux-glibc' \ 'foo [amd64-linux-glibc], bar [!amd64-linux-glibc]' \ )" = \ - 'foo' \ + x'foo' \ ] -- cgit v0.9.1
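Review bot: Every `command_ok_` case in this hunk checks only the text printed by `ob_reduce_deps`, because the command substitution inside `[ x"$(ob_reduce_deps …)" = x'…' ]` discards the function's exit status. A call that prints the expected list but returns non-zero would still be reported as passing. Consider adding a case per mode that asserts the return code as well, assuming `command_ok_` runs whatever follows `--` and tests its status, as the usage here suggests. The `plan_ 11` count would then need raising to match.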