pkgdelta: avoid use of eval and IFS manipulation
Instead of blindly consuming data from the .PKGINFO file, parse it more closely and only declare variables as needed. Should help to avoid nonsensical errors and possibly dangerous command execution as seen in FS#32852. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Dave Reisner
Allan McRae
parent
8e736e1c9a
commit
5a5e712c74
1 changed files with 12 additions and 16 deletions
|
|
@ -72,23 +72,19 @@ isnumeric() {
|
||||||
[[ $1 != *[!0-9]* ]]
|
[[ $1 != *[!0-9]* ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
read_pkginfo()
|
read_pkginfo() {
|
||||||
{
|
while IFS='=' read -r field value; do
|
||||||
pkgname= pkgver= arch=
|
# skip comments and invalid lines
|
||||||
local OLDIFS=$IFS
|
[[ $field = '#'* || -z $value ]] && continue
|
||||||
# IFS (field separator) is only the newline character
|
|
||||||
IFS="
|
# skip lines which aren't fields we care about
|
||||||
"
|
[[ $field != @(pkgver|pkgname|arch) ]] || continue
|
||||||
local line var val
|
|
||||||
for line in $(bsdtar -xOqf "$1" .PKGINFO 2>/dev/null |
|
declare "$field=$value"
|
||||||
grep -v "^#" | sed 's|\(\w*\)\s*=\s*\(.*\)|\1="\2"|'); do
|
|
||||||
eval "$line"
|
[[ $pkgname && $pkgver && $arch ]] && return 0
|
||||||
if [[ -n $pkgname && -n $pkgver && -n $arch ]]; then
|
|
||||||
IFS=$OLDIFS
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
IFS=$OLDIFS
|
|
||||||
error "$(gettext "Invalid package file '%s'.")" "$1"
|
error "$(gettext "Invalid package file '%s'.")" "$1"
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue