From 9089481d37cc8f837e6b32c2d4c37d9065ccee60 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Mon, 23 Oct 2017 15:43:32 +0200 Subject: [PATCH] reject package file names that could be used to install local files. Issue reported by Julian Andres Klode. --- modules/porterbox/files/dd-schroot-cmd | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/modules/porterbox/files/dd-schroot-cmd b/modules/porterbox/files/dd-schroot-cmd index 598fb1258..41993b2c1 100755 --- a/modules/porterbox/files/dd-schroot-cmd +++ b/modules/porterbox/files/dd-schroot-cmd @@ -6,7 +6,7 @@ ## -# Copyright (c) 2013 Peter Palfrader +# Copyright (c) 2013, 2017 Peter Palfrader # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the @@ -177,9 +177,11 @@ class AptSchroot: self.apt_simulate_and_ask(['dist-upgrade']) def apt_install(self, packages): + packages = self.reject_invalid_packages(packages) self.apt_simulate_and_ask(['install', '--'] + packages) def apt_build_dep(self, packages, archonly=False): + packages = self.reject_invalid_packages(packages) cmd = (['--arch-only'] if archonly else []) + ['build-dep', '--'] self.apt_simulate_and_ask(cmd + packages) @@ -197,6 +199,21 @@ class AptSchroot: def secure_run(self, args, unshare=True): WrappedRunner(self.session, args, unshare) + @staticmethod + def reject_invalid_packages(pkgs): + """filter package names + + reject package names that start with . or /, as they are + not valid package names, but can be used to install local files + which we do not want. + """ + new_pkgs = [] + for p in pkgs: + if p.startswith('.') or p.startswith('/'): + die("invalid package name: %s"%(p,)) + new_pkgs.append(p) + return new_pkgs + parser = optparse.OptionParser() parser.set_usage("""%prog [options] -c [-y] -- -- 2.20.1