Check for transaction root sanity in rpmtsSetRootDir()

- only regular paths starting with / permitted
- change prototype to permit return codes

diff --git a/lib/rpmts.c b/lib/rpmts.c
index 99fd783..ad0984a 100644 (file)
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -952,17 +952,19 @@ const char * rpmtsRootDir(rpmts ts)
     return rootDir;
 }
 
-void rpmtsSetRootDir(rpmts ts, const char * rootDir)
+int rpmtsSetRootDir(rpmts ts, const char * rootDir)
 {
-    if (ts != NULL) {
-       ts->rootDir = _free(ts->rootDir);
+    if (ts == NULL || (rootDir && rootDir[0] != '/')) {
+       return -1;
+    }
 
-       /* Ensure clean path with a trailing slash */
-       ts->rootDir = rootDir ? rpmGetPath(rootDir, NULL) : xstrdup("/");
-       if (strcmp(ts->rootDir, "/") != 0) {
-           rstrcat(&ts->rootDir, "/");
-       }
+    ts->rootDir = _free(ts->rootDir);
+    /* Ensure clean path with a trailing slash */
+    ts->rootDir = rootDir ? rpmGetPath(rootDir, NULL) : xstrdup("/");
+    if (strcmp(ts->rootDir, "/") != 0) {
+       rstrcat(&ts->rootDir, "/");
     }
+    return 0;
 }
 
 const char * rpmtsCurrDir(rpmts ts)

diff --git a/lib/rpmts.h b/lib/rpmts.h
index 5d8928a..0b4af36 100644 (file)
--- a/lib/rpmts.h
+++ b/lib/rpmts.h
@@ -416,11 +416,11 @@ const char * rpmtsRootDir(rpmts ts);
 
 /** \ingroup rpmts
  * Set transaction rootDir, i.e. path to chroot(2).
- * @todo               disallow funky http:// etc urls...
  * @param ts           transaction set
  * @param rootDir      new transaction rootDir (or NULL)
+ * @return             0 on success, -1 on error (invalid rootDir)
  */
-void rpmtsSetRootDir(rpmts ts, const char * rootDir);
+int rpmtsSetRootDir(rpmts ts, const char * rootDir);
 
 /** \ingroup rpmts
  * Get transaction currDir, i.e. current directory before chroot(2).