From 049f1d1434c5e3dc5f1c6a0d57711b33911c3b12 Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Sun, 14 Apr 2019 01:36:13 -0400 Subject: Protect against cmd operands beginning with "-" --- (limited to 'src/index.sh') diff --git a/src/index.sh b/src/index.sh index 04283fb..b37b895 100644 --- a/src/index.sh +++ b/src/index.sh @@ -62,8 +62,8 @@ feed_add_package() # Add package metadata to feed hash index. feed_hash_idx="${base_dir}/feeds/${chan}/${dist}/${arch}/${plat}" feed_hash_idx="${feed_hash_idx}/${sect}/.db/${pkg_hash}" - mkdir -p "${feed_hash_idx}/info" - "${TAR}" -xzOf "${base_dir}/${file}" 'control.tar.gz' | \ + mkdir -p -- "${feed_hash_idx}/info" + "${TAR}" -xzOf -- "${base_dir}/${file}" 'control.tar.gz' | \ "${TAR}" -xzO './control' \ >"${feed_hash_idx}/info/${pkg}.control" printf 'Filename: %s\nSize: %s\nMD5sum: %s\nSHA256sum: %s\n\n' \ @@ -75,7 +75,7 @@ feed_add_package() # Mark feed index fragment as outdated. old_dir="${base_dir}/feeds/.db/${chan}_${dist}/${arch}_${plat}" old_dir="${old_dir}/${sect}" - mkdir -p "${old_dir}" + mkdir -p -- "${old_dir}" >"${old_dir}/${pkg_hash}" return 0 @@ -102,13 +102,13 @@ feed_remove_package() # Remove package metadata from feed hash index. feed_hash_idx="${base_dir}/feeds/${chan}/${dist}/${arch}/${plat}" feed_hash_idx="${feed_hash_idx}/${sect}/.db/${pkg_hash}" - rm -f "${feed_hash_idx}/info/${pkg}.control" + rm -f -- "${feed_hash_idx}/info/${pkg}.control" try_rmdir "${feed_hash_idx}/info" || : # Mark feed index fragment as outdated. old_dir="${base_dir}/feeds/.db/${chan}_${dist}/${arch}_${plat}" old_dir="${old_dir}/${sect}" - mkdir -p "${old_dir}" + mkdir -p -- "${old_dir}" >"${old_dir}/${pkg_hash}" return 0 @@ -173,46 +173,46 @@ update_feeds() idx="${sect}/.db/${hash_dirent##*/}" # Ensure there are still packages here. if [ -d "${idx}/info" ]; then - cat "${idx}/info/"*.control \ + cat -- "${idx}/info/"*.control \ >"${idx}/Packages" else - rm -f "${idx}/Packages" - rmdir "${idx}" + rm -f -- "${idx}/Packages" + rmdir -- "${idx}" fi - rm -f "${hash_dirent}" + rm -f -- "${hash_dirent}" done # Ensure there are still packages here. if ! try_rmdir "${sect}/.db"; then - cat "${sect}/.db/"*/Packages \ + cat -- "${sect}/.db/"*/Packages \ >"${sect}/Packages~" - mv "${sect}/Packages~" \ + mv -- "${sect}/Packages~" \ "${sect}/Packages" if ${conf_gzip}; then - "${GZIP}" -9c \ + "${GZIP}" -9c -- \ "${sect}/Packages" \ >"${sect}/Packages.gz" fi feed_sign "${sect}/Packages" printf '%s\n' "${manifest_entry}" >&3 else - rm -f "${sect}/Packages" \ + rm -f -- "${sect}/Packages" \ "${sect}/Packages.gz" fi - rmdir "${sect_dirent}" + rmdir -- "${sect_dirent}" try_rmdir "${sect}" || : done - rmdir "${archplat_dirent}" + rmdir -- "${archplat_dirent}" try_rmdir "${archplat}" || : try_rmdir "${archplat%/*}" || : done - rmdir "${suite_dirent}" + rmdir -- "${suite_dirent}" exec 3>&- if [ -s "${suite}/Manifest~" ]; then - mv "${suite}/Manifest~" "${suite}/Manifest" + mv -- "${suite}/Manifest~" "${suite}/Manifest" else - rm -f "${suite}/Manifest~" "${suite}/Manifest" - rmdir "${suite}" - rmdir "${suite%/*}" 2>/dev/null || : + rm -f -- "${suite}/Manifest~" "${suite}/Manifest" + rmdir -- "${suite}" + rmdir -- "${suite%/*}" 2>/dev/null || : fi done -- cgit v0.9.1