author | Jim Meyering <meyering@redhat.com> | 2007-11-30 13:45:38 +0100 |
---|---|---|
committer | Jim Meyering <meyering@redhat.com> | 2007-11-30 13:45:38 +0100 |
commit | 9db1c230c4b9178b1f9ab41c47f3615c54b42852 (patch) | |
tree | fa66965cbba1371b01e5fdcab9c2ff3e59d74821 | |
parent | 94a2bd5bf7d92c9d87cf2d8c7a7612144cce4277 (diff) | |
download | coreutils-9db1c230c4b9178b1f9ab41c47f3615c54b42852.tar.xz |
Be extra careful to quote $abs_top_builddir-derived names.
* tests/misc/ls-misc (shell_quote): New function.
Use it to quote file names derived from $abs_top_builddir,
in case it contains shell meta-characters. This is not currently
needed, since CuTmpdir detects the fishy name and skips the test.
But it's important enough to add the extra protection.
Reported by Ralf Wildenhues.
-rw-r--r-- | ChangeLog | 8 | ||||
-rwxr-xr-x | tests/misc/ls-misc | 17 |
2 files changed, 24 insertions, 1 deletions
@@ -1,5 +1,13 @@ 2007-11-30 Jim Meyering <meyering@redhat.com> + Be extra careful to quote $abs_top_builddir-derived names. + * tests/misc/ls-misc (shell_quote): New function. + Use it to quote file names derived from $abs_top_builddir, + in case it contains shell meta-characters. This is not currently + needed, since CuTmpdir detects the fishy name and skips the test. + But it's important enough to add the extra protection. + Reported by Ralf Wildenhues. + Include test name in the "unsafe working directory name" diagnostic. * tests/CuTmpdir.pm (import): If $ME is '-', use $prefix. diff --git a/tests/misc/ls-misc b/tests/misc/ls-misc index 520c5031e..1e4f327f9 100755 --- a/tests/misc/ls-misc +++ b/tests/misc/ls-misc @@ -35,9 +35,24 @@ use strict; # Turn off localisation of executable's ouput. @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; +# If the string $S is a well-behaved file name, simply return it. +# If it contains white space, quotes, etc., quote it, and return the new string. +sub shell_quote($) +{ + my ($s) = @_; + if ($s =~ m![^\w+/.,-]!) + { + # Convert each single quote to '\'' + $s =~ s/\'/\'\\\'\'/g; + # Then single quote the string. + $s = "'$s'"; + } + return $s; +} + # Set up files used by the setuid-etc tests; skip this entire test if # that cannot be done. -my $test = "$ENV{abs_top_builddir}/src/test"; +my $test = shell_quote "$ENV{abs_top_builddir}/src/test"; system (qq(touch setuid && chmod u+s setuid && $test -u setuid && touch setgid && chmod g+s setgid && $test -g setgid && mkdir sticky && chmod +t sticky && $test -k sticky && |
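Review bot: in the tests/misc/ls-misc hunk, `my $test = shell_quote "$ENV{abs_top_builddir}/src/test";` stores the shell-escaped form in a variable whose name still reads as a plain path, so any use of `$test` outside a shell command string (a Perl file test, a list-form `system`, a diagnostic message) would see the literal quote characters whenever the build directory name triggers quoting. Consider keeping `$test` as the raw path and applying `shell_quote` where it is interpolated into the `qq(...)` command, or renaming the variable to show that it is already quoted. Separately, `shell_quote` returns an empty string unchanged because `m![^\w+/.,-]!` does not match it, and the shell would then drop the word entirely; that cannot happen for this caller, since "/src/test" is always appended, but a `$s eq ''` check would make the helper safe to reuse. The leading comment also names the argument `$S` while the code uses `$s`.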