Author: rra
Date: 2006-02-09 20:29:34 +0100 (Thu, 09 Feb 2006)
New Revision: 558

Modified:
   trunk/checks/scripts
   trunk/debian/changelog
   trunk/testset/scripts/debian/rules
Log:
  + [RA] Make the syntax checking of shell scripts more robust against
    filenames containing shell metacharacters.  Reported by Michael
    Stilkerich.

Modified: trunk/checks/scripts
===================================================================
--- trunk/checks/scripts        2006-02-02 23:59:24 UTC (rev 557)
+++ trunk/checks/scripts        2006-02-09 19:29:34 UTC (rev 558)
@@ -309,7 +309,7 @@
 
     if ($base =~ /^(?:(?:b|d)?a|k|z)?sh$/) {
        if (-x "$interpreter" && ! 
script_is_evil_and_wrong("unpacked/$filename")) {
-           if (system("$interpreter -n unpacked/$filename >/dev/null 2>&1")) {
+           if (check_script_syntax($interpreter, "unpacked/$filename")) {
                tag_error("shell-script-fails-syntax-check", $filename);
            }
        }
@@ -395,7 +395,7 @@
         # perhaps just do it when $base eq "sh" instead?
        $checkbashisms = $base eq "sh" ? 1 : 0;
        if (-x $valid_interpreters{$base}) {
-           if (system("$interpreter -n $filename >/dev/null 2>&1")) {
+           if (check_script_syntax($interpreter, $filename)) {
                tag_error("maintainer-shell-script-fails-syntax-check", $file);
            }
        }
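Review bot: The guard on the line above tests `-x $valid_interpreters{$base}`, but the call runs `$interpreter`, so the path that is checked and the path that is executed can differ. Both variables are assigned outside this hunk; if `$interpreter` comes from the script's `#!` line, the program that gets run is chosen by the package under inspection rather than by the table of known interpreters. Passing the vetted path, `check_script_syntax($valid_interpreters{$base}, $filename)`, would keep the two in step. The tag is also reported against `$file` while the check runs on `$filename`; worth confirming that is intended.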
@@ -590,6 +590,24 @@
     return $ret;
 }
 
+# Given an interpretor and a file, run the interpretor on that file with the
+# -n option to check syntax, discarding output and returning the exit status.
+sub check_script_syntax {
+    my ($interpreter, $script) = @_;
+    my $pid = fork;
+    if (!defined $pid) {
+       fail("cannot fork: $!");
+    } elsif ($pid == 0) {
+       open STDOUT, '>/dev/null' or fail("cannot reopen stdout: $!");
+       open STDERR, '>&STDOUT' or fail("cannot reopen stderr: $!");
+       exec $interpreter, '-n', $script
+           or fail("cannot exec $interpreter: $!");
+    } else {
+       waitpid $pid, 0;
+    }
+    return $?;
+}
+
 1;
 
 # vim: syntax=perl ts=8 sw=4
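Review bot: The child branch of check_script_syntax relies on fail() to end the process when an open or the exec fails, and fail() is defined outside this hunk. If it raises with die rather than exiting, an eval in a caller could catch it and leave the forked child running the remaining checks as a second copy of the parent. Its message may also be lost if it is written to STDERR, which already points at /dev/null by then. Ending the child unconditionally avoids both, for example `exec $interpreter, '-n', $script or exit 2;`. The header comment could also state that the return value is the raw wait status from `$?`, to be tested only for non-zero, rather than the interpreter's exit code.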

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog      2006-02-02 23:59:24 UTC (rev 557)
+++ trunk/debian/changelog      2006-02-09 19:29:34 UTC (rev 558)
@@ -21,8 +21,11 @@
   * checks/scripts:
     + [RA] Allow /tmp in variable settings.  It's likely to be a false
       positive.  Reported by Frank Küster.  (Closes: #344998)
+    + [RA] Make the syntax checking of shell scripts more robust against
+      filenames containing shell metacharacters.  Reported by Michael
+      Stilkerich.
 
- -- Russ Allbery <[EMAIL PROTECTED]>  Sun, 22 Jan 2006 16:27:20 -0800
+ -- Russ Allbery <[EMAIL PROTECTED]>  Thu,  9 Feb 2006 11:27:55 -0800
 
 lintian (1.23.15) unstable; urgency=low
   

Modified: trunk/testset/scripts/debian/rules
===================================================================
--- trunk/testset/scripts/debian/rules  2006-02-02 23:59:24 UTC (rev 557)
+++ trunk/testset/scripts/debian/rules  2006-02-09 19:29:34 UTC (rev 558)
@@ -31,6 +31,9 @@
        touch $(tmp)/usr/share/scripts/mono.exe
        chmod 755 $(tmp)/usr/share/scripts/mono.exe
 
+       echo "#!/bin/sh" > $(tmp)/usr/share/scripts/foo\$$bar
+       chmod 755 $(tmp)/usr/share/scripts/foo\$$bar
+
        touch $(tmp)/usr/lib/python2.3/site-packages/test.pyc
        cp debian/changelog $(tmp)/usr/share/doc/scripts/changelog
        gzip -9 $(tmp)/usr/share/doc/scripts/changelog
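Review bot: The new fixture `foo\$$bar` only exercises variable expansion in the file name, so it would not catch a regression that reintroduces word splitting or quoting problems. Since check_script_syntax is meant to handle any file name, a second fixture whose name contains a space or a quote character would cover those cases. The expected tag output for the testset is outside this hunk and would need a matching line showing that no syntax-check tag is emitted for these files.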

