From 049f1d1434c5e3dc5f1c6a0d57711b33911c3b12 Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Sun, 14 Apr 2019 01:36:13 -0400 Subject: Protect against cmd operands beginning with "-" --- diff --git a/src/cmd/process-incoming.sh b/src/cmd/process-incoming.sh index 59e7818..4a5e7d9 100644 --- a/src/cmd/process-incoming.sh +++ b/src/cmd/process-incoming.sh @@ -37,9 +37,9 @@ cmd_process_incoming_main() if [ ! -f "${file}" ]; then continue fi - rm -f "${file}" + rm -f -- "${file}" done - rm -f "${changes}" + rm -f -- "${changes}" done fini diff --git a/src/db.sh b/src/db.sh index 4069621..944d701 100644 --- a/src/db.sh +++ b/src/db.sh @@ -35,7 +35,7 @@ db_get_srcver() dir="${base_dir}/feeds/${chan}/${dist}/.db" dir="${dir}/$(hash_name "${source}")/${source}" if [ -f "${dir}/srcver" ]; then - cat "${dir}/srcver" + cat -- "${dir}/srcver" fi return 0 @@ -52,7 +52,7 @@ db_set_srcver() dir="${base_dir}/feeds/${chan}/${dist}/.db" dir="${dir}/$(hash_name "${source}")/${source}" - mkdir -p "${dir}" + mkdir -p -- "${dir}" printf '%s\n' "${srcver}" >"${dir}/srcver" return 0 @@ -68,9 +68,9 @@ db_del_srcver() dir="${base_dir}/feeds/${chan}/${dist}/.db" dir="${dir}/$(hash_name "${source}")/${source}" - rm -f "${dir}/srcver" + rm -f -- "${dir}/srcver" # Remove ".../.db//". - rmdir "${dir}" + rmdir -- "${dir}" # Try to remove ".../.db/" and ".../.db". for dir in "${dir%/*}" "${dir%/*/*}"; do try_rmdir "${dir}" || break @@ -92,7 +92,7 @@ db_get_binver() dir="${base_dir}/feeds/${chan}/${dist}/.db" dir="${dir}/$(hash_name "${source}")/${source}/${arch}_${plat}" if [ -f "${dir}/binver" ]; then - cat "${dir}/binver" + cat -- "${dir}/binver" fi return 0 @@ -111,7 +111,7 @@ db_set_binver() dir="${base_dir}/feeds/${chan}/${dist}/.db" dir="${dir}/$(hash_name "${source}")/${source}/${arch}_${plat}" - mkdir -p "${dir}" + mkdir -p -- "${dir}" printf '%s\n' "${binver}" >"${dir}/binver" return 0 
@@ -129,9 +129,9 @@ db_del_binver() dir="${base_dir}/feeds/${chan}/${dist}/.db" dir="${dir}/$(hash_name "${source}")/${source}/${arch}_${plat}" - rm -f "${dir}/binver" + rm -f -- "${dir}/binver" # Remove ".../.db///_". - rmdir "${dir}" + rmdir -- "${dir}" return 0 } @@ -202,7 +202,7 @@ db_get_packages() dir="${base_dir}/pool/$(hash_name "${source}")/${source}/.db" dir="${dir}/${binver}_${arch}_${plat}" if [ -f "${dir}/packages" ]; then - cat "${dir}/packages" + cat -- "${dir}/packages" fi return 0 @@ -222,7 +222,7 @@ db_add_package() dir="${base_dir}/pool/$(hash_name "${source}")/${source}/.db" dir="${dir}/${binver}_${arch}_${plat}" - mkdir -p "${dir}" + mkdir -p -- "${dir}" printf '%s %s %s\n' "${size}" "${sect}" "${pkg}" >>"${dir}/packages" return 0 @@ -239,9 +239,9 @@ db_del_packages() dir="${base_dir}/pool/$(hash_name "${source}")/${source}/.db" dir="${dir}/${binver}_${arch}_${plat}" - rm -f "${dir}/packages" + rm -f -- "${dir}/packages" # Remove "pool///.db/__". - rmdir "${dir}" + rmdir -- "${dir}" # Try to remove "pool///.db". try_rmdir "${dir%/*}" || : @@ -261,11 +261,11 @@ db_inc_references() dir="${base_dir}/pool/$(hash_name "${source}")/${source}/.db" dir="${dir}/${binver}_${arch}_${plat}" if [ -f "${dir}/references" ]; then - refs="$(cat "${dir}/references")" + refs="$(cat -- "${dir}/references")" refs=$((${refs} + 1)) else refs=1 - mkdir -p "${dir}" + mkdir -p -- "${dir}" fi printf '%d\n' "${refs}" >"${dir}/references" printf '%d\n' "${refs}" @@ -292,7 +292,7 @@ db_dec_references() refs=0 fi if [ ${refs} -eq 0 ]; then - rm -f "${dir}/references" + rm -f -- "${dir}/references" else printf '%d\n' "${refs}" >"${dir}/references" fi diff --git a/src/dir.sh b/src/dir.sh index e7489ef..1877568 100644 --- a/src/dir.sh +++ b/src/dir.sh @@ -73,7 +73,7 @@ try_rmdir() if ! dir_is_empty "${dir}"; then return 1 fi - if ! rmdir "${dir}"; then + if ! rmdir -- "${dir}"; then return 1 fi diff --git a/src/garbage.sh b/src/garbage.sh index 7d4fac5..118bce1 100644 
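Review bot: In db_inc_references the value read by `refs="$(cat -- "${dir}/references")"` still goes unchecked into `$((${refs} + 1))`, and the added `--` does nothing for that path. Some shells evaluate more than plain digits inside arithmetic expansion, so a corrupted or tampered references file could do more than produce a wrong count. A digit check before the arithmetic, in the style of the `conf_pool_gc_delay` test in _get_conf (`case "${refs}" in *[!0-9]* | '') ... ;; esac`), would reject such content. The function body extends beyond the hunk, so a check may already exist out of view.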
--- a/src/garbage.sh +++ b/src/garbage.sh @@ -60,14 +60,14 @@ collect_garbage() fi while read -r dirs file; do info_v "$(get_msg 'collecting_garbage_file')" "${file}" - rm -f "${base_dir}/${file}" + rm -f -- "${base_dir}/${file}" while [ ${dirs} -gt 0 ]; do file="${file%/*}" try_rmdir "${base_dir}/${file}" || : dirs=$((${dirs} - 1)) done done <"${garbage}" - rm -f "${garbage}" + rm -f -- "${garbage}" done return 0 @@ -84,7 +84,7 @@ mark_pool_garbage() time=$(_time) time=$((${time} + ${conf_pool_gc_delay})) - mkdir -p "${base_dir}/.db/garbage" + mkdir -p -- "${base_dir}/.db/garbage" printf '2 %s\n' "${file}" >>"${base_dir}/.db/garbage/${time}" return 0 diff --git a/src/include.sh b/src/include.sh index 72d14f7..71e82ac 100644 --- a/src/include.sh +++ b/src/include.sh @@ -166,9 +166,9 @@ include_changes() "${size}" "${sect}" "${pkg}" pool_file="pool/$(hash_name "${source}")/${source}" pool_file="${pool_file}/${pkg}_${binver}_${arch}_${plat}.opk" - file="$(dirname "${changes}")/${file}" + file="$(dirname -- "${changes}")/${file}" files="${files} ${file}" - cp -p "${file}" "${base_dir}/${pool_file}" + cp -p -- "${file}" "${base_dir}/${pool_file}" feed_add_package "${chan}" "${dist}" "${arch}" "${plat}" \ "${sect}" "${pkg}" "${size}" "${pool_file}" done <<-EOF diff --git a/src/index.sh b/src/index.sh index 04283fb..b37b895 100644 --- a/src/index.sh +++ b/src/index.sh @@ -62,8 +62,8 @@ feed_add_package() # Add package metadata to feed hash index. feed_hash_idx="${base_dir}/feeds/${chan}/${dist}/${arch}/${plat}" feed_hash_idx="${feed_hash_idx}/${sect}/.db/${pkg_hash}" - mkdir -p "${feed_hash_idx}/info" - "${TAR}" -xzOf "${base_dir}/${file}" 'control.tar.gz' | \ + mkdir -p -- "${feed_hash_idx}/info" + "${TAR}" -xzOf -- "${base_dir}/${file}" 'control.tar.gz' | \ "${TAR}" -xzO './control' \ >"${feed_hash_idx}/info/${pkg}.control" printf 'Filename: %s\nSize: %s\nMD5sum: %s\nSHA256sum: %s\n\n' \ 
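Review bot: The `--` in `cp -p -- "${file}" "${base_dir}/${pool_file}"` stops option parsing, but `file` is still built as `"$(dirname -- "${changes}")/${file}"` from a name read by the loop, so a name containing `/` or `..` would resolve outside the directory that holds the .changes file. If those names come from the .changes file itself (the loop input is outside the hunk), a check such as `case "${file}" in */* | '') ... ;; esac` that rejects the entry before the join would keep the copy inside that directory. include_changes starts and ends outside the hunk.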
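Review bot: In feed_add_package, `"${TAR}" -xzOf -- "${base_dir}/${file}" 'control.tar.gz'` puts `--` directly after the bundled `f`, so with getopt-style parsing `--` is taken as the argument of `-f`, that is, as the archive name. The real archive path and `control.tar.gz` then become member names, and the extraction that feeds `${pkg}.control` would fail or read the wrong file. The argument of `-f` is an option-argument and is never parsed as an option, so it needs no guard; restoring `"${TAR}" -xzOf "${base_dir}/${file}" 'control.tar.gz' | \` keeps the previous behaviour. The function continues outside the hunk.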
@@ -75,7 +75,7 @@ feed_add_package() # Mark feed index fragment as outdated. old_dir="${base_dir}/feeds/.db/${chan}_${dist}/${arch}_${plat}" old_dir="${old_dir}/${sect}" - mkdir -p "${old_dir}" + mkdir -p -- "${old_dir}" >"${old_dir}/${pkg_hash}" return 0 @@ -102,13 +102,13 @@ feed_remove_package() # Remove package metadata from feed hash index. feed_hash_idx="${base_dir}/feeds/${chan}/${dist}/${arch}/${plat}" feed_hash_idx="${feed_hash_idx}/${sect}/.db/${pkg_hash}" - rm -f "${feed_hash_idx}/info/${pkg}.control" + rm -f -- "${feed_hash_idx}/info/${pkg}.control" try_rmdir "${feed_hash_idx}/info" || : # Mark feed index fragment as outdated. old_dir="${base_dir}/feeds/.db/${chan}_${dist}/${arch}_${plat}" old_dir="${old_dir}/${sect}" - mkdir -p "${old_dir}" + mkdir -p -- "${old_dir}" >"${old_dir}/${pkg_hash}" return 0 
@@ -173,46 +173,46 @@ update_feeds() idx="${sect}/.db/${hash_dirent##*/}" # Ensure there are still packages here. if [ -d "${idx}/info" ]; then - cat "${idx}/info/"*.control \ + cat -- "${idx}/info/"*.control \ >"${idx}/Packages" else - rm -f "${idx}/Packages" - rmdir "${idx}" + rm -f -- "${idx}/Packages" + rmdir -- "${idx}" fi - rm -f "${hash_dirent}" + rm -f -- "${hash_dirent}" done # Ensure there are still packages here. if ! try_rmdir "${sect}/.db"; then - cat "${sect}/.db/"*/Packages \ + cat -- "${sect}/.db/"*/Packages \ >"${sect}/Packages~" - mv "${sect}/Packages~" \ + mv -- "${sect}/Packages~" \ "${sect}/Packages" if ${conf_gzip}; then - "${GZIP}" -9c \ + "${GZIP}" -9c -- \ "${sect}/Packages" \ >"${sect}/Packages.gz" fi feed_sign "${sect}/Packages" printf '%s\n' "${manifest_entry}" >&3 else - rm -f "${sect}/Packages" \ + rm -f -- "${sect}/Packages" \ "${sect}/Packages.gz" fi - rmdir "${sect_dirent}" + rmdir -- "${sect_dirent}" try_rmdir "${sect}" || : done - rmdir "${archplat_dirent}" + rmdir -- "${archplat_dirent}" try_rmdir "${archplat}" || : try_rmdir "${archplat%/*}" || : done - rmdir "${suite_dirent}" + rmdir -- "${suite_dirent}" exec 3>&- if [ -s "${suite}/Manifest~" ]; then - mv "${suite}/Manifest~" "${suite}/Manifest" + mv -- "${suite}/Manifest~" "${suite}/Manifest" else - rm -f "${suite}/Manifest~" "${suite}/Manifest" - rmdir "${suite}" - rmdir "${suite%/*}" 2>/dev/null || : + rm -f -- "${suite}/Manifest~" "${suite}/Manifest" + rmdir -- "${suite}" + rmdir -- "${suite%/*}" 2>/dev/null || : fi done diff --git a/src/locale.sh b/src/locale.sh index 8a72926..63a38e9 100644 --- a/src/locale.sh +++ b/src/locale.sh @@ -38,7 +38,7 @@ _try_load_locale() # informative error message before aborting, we need this # eval/cat command. This is more resilient against race # conditions than `[ -f "${ms}" ]` is. - eval "$(cat "${ms}" 2>/dev/null)" || continue + eval "$(cat -- "${ms}" 2>/dev/null)" || continue return 0 done 
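Review bot: In _try_load_locale, `eval "$(cat -- "${ms}" 2>/dev/null)"` executes the file's content as shell code, so guarding the operand with `--` leaves the real trust boundary unchanged. It still rests on who can write the file. The same holds for `eval "$(cat -- "${base_dir}/conf" 2>/dev/null || :)"` in the _get_conf hunk of src/main.sh. A comment at both sites would make that explicit, for example `# NOTE: this file is executed as shell code; it must be writable only by trusted users.`. A check on the file's ownership or mode before the eval may also be worth considering for `conf`, assuming `base_dir` can be shared between users. Both functions extend beyond their hunks.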
diff --git a/src/main.sh b/src/main.sh index 7af0810..5998e9c 100644 --- a/src/main.sh +++ b/src/main.sh @@ -43,7 +43,7 @@ exit_status= _lock() { - mkdir -p "${base_dir}/.db" + mkdir -p -- "${base_dir}/.db" lock="${base_dir}/.db/lock" if ! (set -C; printf '%d\n' "${$}" >"${lock}") 2>/dev/null; then error 2 "$(get_msg 'lock_fail')" @@ -52,7 +52,7 @@ _lock() _unlock() { - rm -f "${lock}" + rm -f -- "${lock}" } _handle_sig() @@ -63,9 +63,9 @@ _handle_sig() _unlock if [ "x${exit_status:+set}" = 'xset' ]; then - exit ${exit_status} + exit -- ${exit_status} else - exit $((128 + ${sig})) + exit -- $((128 + ${sig})) fi } @@ -116,14 +116,14 @@ _get_conf() conf_gzip=true conf_key='' - eval "$(cat "${base_dir}/conf" 2>/dev/null || :)" + eval "$(cat -- "${base_dir}/conf" 2>/dev/null || :)" old_dir="$(pwd)" - cd "${base_dir}" + cd -- "${base_dir}" if [ -d "${conf_incoming_dir}" ]; then - conf_incoming_dir="$(cd "${conf_incoming_dir}" && pwd)" + conf_incoming_dir="$(cd -- "${conf_incoming_dir}" && pwd)" fi - cd "${old_dir}" + cd -- "${old_dir}" case "${conf_pool_gc_delay}" in *[!0-9]* | '') error 1 "$(get_msg 'conf_invalid')" 'conf_pool_gc_delay' @@ -158,9 +158,9 @@ main() local cmd= local status= - if [ -f "$(dirname "${0}")/.builddirstamp" ]; then + if [ -f "$(dirname -- "${0}")/.builddirstamp" ]; then in_place=true - builddir="$(dirname "${0}")" + builddir="$(dirname -- "${0}")" else in_place=false builddir='' -- cgit v0.9.1
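Review bot: In _handle_sig, `exit -- ${exit_status}` and `exit -- $((128 + ${sig}))` pass `--` to a shell builtin whose argument is always a number produced by the script, so there is no operand to protect. Some /bin/sh implementations read the first argument of `exit` directly as the status and may reject `--` as an invalid number. That would change the exit code reported from the signal handler, so it is worth testing on every shell the project targets. Writing `exit "${exit_status}"` and `exit "$((128 + ${sig}))"` avoids the question and also quotes the expansion.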