author | Niels Thykier <niels@thykier.net> | 2017-10-14 14:55:04 +0000 |
---|---|---|
committer | Niels Thykier <niels@thykier.net> | 2017-10-14 14:55:06 +0000 |
commit | 7bc33f1b48e51d109fd1ef1628afa5f741bb88da (patch) | |
tree | b0514183b2bf92c7a856e41d7ae22737267c44a2 /dh_strip | |
parent | e29afec31f2923b15ae526ce35a518a96c589ff6 (diff) | |
dh_strip: Avoid potential unsafe stat(_) call
In practice, compat would never issue a stat call itself, but in the
future, we may remove the compat call that happens before this code
path is run.
Signed-off-by: Niels Thykier <niels@thykier.net>
Diffstat (limited to 'dh_strip')
-rwxr-xr-x | dh_strip | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -191,6 +191,12 @@ sub testfile {
  # Is it a debug library in a debug subdir?
  return if $fn=~m/debug\/.*\.so/;
+ # Exploit the previous stat call to get the $mode, so we can check
+ # later if it is executable or not.
+ #
+ # NB: compat() can issue a stat, so we /should/ do this now
+ my (undef, undef, $mode, undef) = stat(_);
+
  if (compat(10)) {
  # In compat 10 and earlier, we used filenames and file(1)
@@ -206,8 +212,7 @@ sub testfile {
  }
  }
- # Is it executable? -x isn't good enough, so we need to use stat.
- my (undef, undef, $mode, undef) = stat(_);
+ # -x is not good enough for this test
  if ($mode & 0111) {
  # Ok, expensive test.
  my $type = get_file_type($fn, 1);
@@ -220,10 +225,8 @@ sub testfile {
  # In compat 11, we check the ELF header manually (because bulking file(1) is a pain and
  # it is too slow otherwise)
- # Exploit the previous stat call, so we can check if it is executable or not (-x is not good enough
- # for this test)
- my (undef, undef, $mode, undef) = stat(_);
  if (is_so_or_exec_elf_file($fn)) {
+ # -x is not good enough for this test
  if ($mode & 0111) {
  push(@executables, $fn);
  } else { |
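Review bot: The hoisted `my (undef, undef, $mode, undef) = stat(_);` in the first hunk still relies on whichever file test last filled the `_` buffer. That call is outside the hunk, so a file test added later between it and this line would silently give `$mode` another file's permission bits. Because `$mode & 0111` decides in the second and third hunks whether a file is handled as an executable, the comment should name the call it depends on, e.g. `# _ was filled by the <file test> on $fn earlier in testfile; keep no other file test in between`. Alternatively, read the mode explicitly with `my $mode = (stat($fn))[2];`, assuming the earlier test was not an lstat whose result is wanted. The result is also unchecked: if the earlier stat failed, `$mode` is undef and the `&` test evaluates to false, with only an uninitialized-value warning when warnings are enabled. The body of testfile starts and ends outside these hunks.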