From 18eca7492d5bf8a757477198ec2a732d9ab95ef6 Mon Sep 17 00:00:00 2001 From: rillig Date: Wed, 17 Oct 2007 02:45:42 +0000 Subject: Added some very basic sanity checks for the arguments to bootstrap. This code should have been here since the very beginning of bootstrap. Additionally, the paths are checked that they only contain characters from the "Portable Filename Character Set" (IEEE 2003.1, definition 3.276). Motivated by http://mail-index.netbsd.org/pkgsrc-users/2007/10/17/0000.html --- bootstrap/bootstrap | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) (limited to 'bootstrap') diff --git a/bootstrap/bootstrap b/bootstrap/bootstrap index c6cec700aa8..34009b8f633 100755 --- a/bootstrap/bootstrap +++ b/bootstrap/bootstrap @@ -1,6 +1,6 @@ #! /bin/sh -# $NetBSD: bootstrap,v 1.114 2007/10/09 01:10:19 rillig Exp $ +# $NetBSD: bootstrap,v 1.115 2007/10/17 02:45:42 rillig Exp $ # # # Copyright (c) 2001-2002 Alistair G. Crooks. All rights reserved. @@ -261,6 +261,26 @@ get_optarg() expr "x$1" : "x[^=]*=\\(.*\\)" } +checkarg_sane_absolute_path() { + case "$1" in + "") ;; # the default value will be used. + *[!-A-Za-z0-9_./]*) + die "ERROR: Invalid characters in path $1 (from $2)." ;; + /*) ;; + *) die "ERROR: The argument to $2 must be an absolute path." ;; + esac +} + +checkarg_sane_relative_path() { + case "$1" in + "") ;; # the default value will be used. + *[!-A-Za-z0-9_./]*) + die "ERROR: Invalid characters in path $1 (from $2)." ;; + /*) die "ERROR: The argument to $2 must be a relative path." ;; + *) ;; + esac +} + bootstrap_sh=${SH-/bin/sh} bootstrap_sh_set=${SH+set} @@ -326,6 +346,13 @@ while [ $# -gt 0 ]; do shift done +checkarg_sane_absolute_path "$wrkdir" "--workdir" +checkarg_sane_absolute_path "$prefix" "--prefix" +checkarg_sane_absolute_path "$pkgdbdir" "--pkgdbdir" +checkarg_sane_absolute_path "$sysconfdir" "--sysconfdir" +checkarg_sane_absolute_path "$varbase" "--varbase" +checkarg_sane_relative_path "$pkgmandir" "--pkgmandir" + # set defaults for system locations if not already set by the user wrkobjdir=${wrkdir}/pkgsrc if [ "$ignoreusercheck" = "yes" ]; then -- cgit v1.2.3