From 9db1c230c4b9178b1f9ab41c47f3615c54b42852 Mon Sep 17 00:00:00 2001
From: Jim Meyering
Date: Fri, 30 Nov 2007 13:45:38 +0100
Subject: [PATCH] Be extra careful to quote $abs_top_builddir-derived names.
* tests/misc/ls-misc (shell_quote): New function. Use it to quote file names derived from $abs_top_builddir, in case it contains shell meta-characters. This is not currently needed, since CuTmpdir detects the fishy name and skips the test. But it's important enough to add the extra protection. Reported by Ralf Wildenhues.
---
ChangeLog | 8 ++++++++
tests/misc/ls-misc | 17 ++++++++++++++++-
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 2013a25..005cf8f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2007-11-30 Jim Meyering
+ Be extra careful to quote $abs_top_builddir-derived names.
+ * tests/misc/ls-misc (shell_quote): New function.
+ Use it to quote file names derived from $abs_top_builddir,
+ in case it contains shell meta-characters. This is not currently
+ needed, since CuTmpdir detects the fishy name and skips the test.
+ But it's important enough to add the extra protection.
+ Reported by Ralf Wildenhues.
+
 Include test name in the "unsafe working directory name" diagnostic. * tests/CuTmpdir.pm (import): If $ME is '-', use $prefix.
diff --git a/tests/misc/ls-misc b/tests/misc/ls-misc
index 520c503..1e4f327 100755
--- a/tests/misc/ls-misc
+++ b/tests/misc/ls-misc
@@ -35,9 +35,24 @@ use strict;
 # Turn off localisation of executable's ouput. @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
+# If the string $S is a well-behaved file name, simply return it.
+# If it contains white space, quotes, etc., quote it, and return the new string.
+sub shell_quote($)
+{
+ my ($s) = @_;
+ if ($s =~ m![^\w+/.,-]!)
+ {
+ # Convert each single quote to '\''
+ $s =~ s/\'/\'\\\'\'/g;
+ # Then single quote the string.
+ $s = "'$s'";
+ }
+ return $s;
+}
+
 # Set up files used by the setuid-etc tests; skip this entire test if # that cannot be done.
-my $test = "$ENV{abs_top_builddir}/src/test";
+my $test = shell_quote "$ENV{abs_top_builddir}/src/test";
 system (qq(touch setuid && chmod u+s setuid && $test -u setuid && touch setgid && chmod g+s setgid && $test -g setgid && mkdir sticky && chmod +t sticky && $test -k sticky &&
--
2.7.4
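Review bot: shell_quote returns an empty string unchanged, so an empty argument would vanish from the shell command line instead of being passed as `''`; the guard could read `if ($s eq '' || $s =~ m![^\w+/.,-]!)`. At the call site, an unset `abs_top_builddir` would still produce `/src/test`, which passes the allow-list unquoted and is then handed to `system`, so a check such as `defined $ENV{abs_top_builddir} or die "abs_top_builddir not set\n";` before building `$test` fits the same hardening. On style, the paren-less call `shell_quote "..."` leans on the `($)` prototype; writing `shell_quote("$ENV{abs_top_builddir}/src/test")` reads more plainly and does not depend on it. The `system` call continues past the end of the hunk, so any other uses of `$abs_top_builddir`-derived names further down are not visible here.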