[jira] [Updated] (NETBEANS-1727) Native Execution does not correctly sanitize username for temp directory
[ https://issues.apache.org/jira/browse/NETBEANS-1727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Laszlo Kishalmi updated NETBEANS-1727: -- Labels: 11.0-vc1 pull-request-available (was: pull-request-available) > Native Execution does not correctly sanitize username for temp directory > > > Key: NETBEANS-1727 > URL: https://issues.apache.org/jira/browse/NETBEANS-1727 > Project: NetBeans > Issue Type: Bug > Components: ide - Code >Affects Versions: 10.0 >Reporter: Matthias Bläsing >Assignee: Matthias Bläsing >Priority: Major > Labels: 11.0-vc1, pull-request-available > Fix For: 11.0 > > Time Spent: 20m > Remaining Estimate: 0h > > When running netbeans on linux this log entry can be observed: > {noformat} > [exec] WARNING [nativeexecution.support.logger]: [743838 ms.] > UnixHostInfoProvider: sed: -e Ausdruck #1, Zeichen 6: Nicht beendeter > »s«-Befehl > {noformat} > The english version is: > {noformat} > sed: -e expression #1, char 6: unterminated `s' command > {noformat} > The problem can be traced back into the > _release/bin/nativeexecution/hostinfo.sh_ script used by the _Native > Execution (ide/dlight.nativeexecution)_ module. > In the file line 119 is the problem: > {code:sh} > USER_D=`echo ${USER} | sed "s/\\\/_/"` > TMPBASE=${TMPBASE:-/var/tmp} > SUFFIX=0 > TMPDIRBASE=${TMPBASE}/dlight_${USER_D} > {code} > The backslashes in the sed call are not correctly escaped. From the context I > assume, that the call is intended to replace directory separator with > underscores. > With a user value of "demo/user\test" I would expect it to result in > "demo_user_test" as the call errors out, it results in the empty string. See > this debug run: > {noformat} > + USER='demo/user\test' > ++ echo 'demo/user\test' > ++ sed 's/\/_/' > sed: -e expression #1, char 6: unterminated `s' command > + USER_D= > + TMPBASE=/var/tmp > + SUFFIX=0 > + TMPDIRBASE=/var/tmp/dlight_ > {noformat} > With the fix I'll propose the above becomes: > {noformat} > + USER='demo/user\test' > ++ echo 'demo/user\test' > ++ sed 's/[\/]/_/g' > + USER_D=demo_user_test > + TMPBASE=/var/tmp > + SUFFIX=0 > + TMPDIRBASE=/var/tmp/dlight_demo_user_test > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Updated] (NETBEANS-1727) Native Execution does not correctly sanitize username for temp directory
[ https://issues.apache.org/jira/browse/NETBEANS-1727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Laszlo Kishalmi updated NETBEANS-1727: -- Fix Version/s: 11.0 > Native Execution does not correctly sanitize username for temp directory > > > Key: NETBEANS-1727 > URL: https://issues.apache.org/jira/browse/NETBEANS-1727 > Project: NetBeans > Issue Type: Bug > Components: ide - Code >Affects Versions: 10.0 >Reporter: Matthias Bläsing >Assignee: Matthias Bläsing >Priority: Major > Labels: pull-request-available > Fix For: 11.0 > > Time Spent: 20m > Remaining Estimate: 0h > > When running netbeans on linux this log entry can be observed: > {noformat} > [exec] WARNING [nativeexecution.support.logger]: [743838 ms.] > UnixHostInfoProvider: sed: -e Ausdruck #1, Zeichen 6: Nicht beendeter > »s«-Befehl > {noformat} > The english version is: > {noformat} > sed: -e expression #1, char 6: unterminated `s' command > {noformat} > The problem can be traced back into the > _release/bin/nativeexecution/hostinfo.sh_ script used by the _Native > Execution (ide/dlight.nativeexecution)_ module. > In the file line 119 is the problem: > {code:sh} > USER_D=`echo ${USER} | sed "s/\\\/_/"` > TMPBASE=${TMPBASE:-/var/tmp} > SUFFIX=0 > TMPDIRBASE=${TMPBASE}/dlight_${USER_D} > {code} > The backslashes in the sed call are not correctly escaped. From the context I > assume, that the call is intended to replace directory separator with > underscores. > With a user value of "demo/user\test" I would expect it to result in > "demo_user_test" as the call errors out, it results in the empty string. See > this debug run: > {noformat} > + USER='demo/user\test' > ++ echo 'demo/user\test' > ++ sed 's/\/_/' > sed: -e expression #1, char 6: unterminated `s' command > + USER_D= > + TMPBASE=/var/tmp > + SUFFIX=0 > + TMPDIRBASE=/var/tmp/dlight_ > {noformat} > With the fix I'll propose the above becomes: > {noformat} > + USER='demo/user\test' > ++ echo 'demo/user\test' > ++ sed 's/[\/]/_/g' > + USER_D=demo_user_test > + TMPBASE=/var/tmp > + SUFFIX=0 > + TMPDIRBASE=/var/tmp/dlight_demo_user_test > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Updated] (NETBEANS-1727) Native Execution does not correctly sanitize username for temp directory
[ https://issues.apache.org/jira/browse/NETBEANS-1727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated NETBEANS-1727: - Labels: pull-request-available (was: ) > Native Execution does not correctly sanitize username for temp directory > > > Key: NETBEANS-1727 > URL: https://issues.apache.org/jira/browse/NETBEANS-1727 > Project: NetBeans > Issue Type: Bug > Components: ide - Code >Affects Versions: 10.0 >Reporter: Matthias Bläsing >Assignee: Matthias Bläsing >Priority: Major > Labels: pull-request-available > > When running netbeans on linux this log entry can be observed: > {noformat} > [exec] WARNING [nativeexecution.support.logger]: [743838 ms.] > UnixHostInfoProvider: sed: -e Ausdruck #1, Zeichen 6: Nicht beendeter > »s«-Befehl > {noformat} > The english version is: > {noformat} > sed: -e expression #1, char 6: unterminated `s' command > {noformat} > The problem can be traced back into the > _release/bin/nativeexecution/hostinfo.sh_ script used by the _Native > Execution (ide/dlight.nativeexecution)_ module. > In the file line 119 is the problem: > {code:sh} > USER_D=`echo ${USER} | sed "s/\\\/_/"` > TMPBASE=${TMPBASE:-/var/tmp} > SUFFIX=0 > TMPDIRBASE=${TMPBASE}/dlight_${USER_D} > {code} > The backslashes in the sed call are not correctly escaped. From the context I > assume, that the call is intended to replace directory separator with > underscores. > With a user value of "demo/user\test" I would expect it to result in > "demo_user_test" as the call errors out, it results in the empty string. See > this debug run: > {noformat} > + USER='demo/user\test' > ++ echo 'demo/user\test' > ++ sed 's/\/_/' > sed: -e expression #1, char 6: unterminated `s' command > + USER_D= > + TMPBASE=/var/tmp > + SUFFIX=0 > + TMPDIRBASE=/var/tmp/dlight_ > {noformat} > With the fix I'll propose the above becomes: > {noformat} > + USER='demo/user\test' > ++ echo 'demo/user\test' > ++ sed 's/[\/]/_/g' > + USER_D=demo_user_test > + TMPBASE=/var/tmp > + SUFFIX=0 > + TMPDIRBASE=/var/tmp/dlight_demo_user_test > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists