Fix security hole: check $program is a supported one.

diff --git a/pristine-bz2 b/pristine-bz2
index 2866935..0e1c7d4 100755 (executable)
--- a/pristine-bz2
+++ b/pristine-bz2
@@ -79,6 +79,9 @@ use constant BZIP2_ID2                 => 0x5a;
 # compression methods, 'h' for Bzip2 ('H'uffman coding), '0' for Bzip1 (deprecated)
 use constant BZIP2_METHOD_HUFFMAN => 0x68;
 
+# only used in the paranoia check, not in reproducebzip2()
+my @supported_bzip2_programs = qw(bzip2 pbzip2);
+
 my $verbose=0;
 my $debug=0;
 my $keep=0;
@@ -191,6 +194,8 @@ sub reproducebzip2 {
        # header information
        my @args = predictbzip2args($level);
 
+       # fixme: we might be iterating using @supported_bzip2_programs
+
        # bzip2 -9 in *many* cases
        testvariant($orig, $new, 'bzip2', @args)
                && return 'bzip2', @args;
@@ -249,9 +254,13 @@ sub genbz2 {
        }
        @params=split(' ', $params);
        close IN;
+
        open (IN, "$tempdir/program") || die "delta lacks program file ($!)";
        my $program=<IN>;
        chomp $program;
+       if (! grep { $program eq $_ } @supported_bzip2_programs) {
+               die "paranoia check failed on program file from delta ($program)";
+       }
        close IN;
 
        # arbitrary?