[jira] [Updated] (NETBEANS-1727) Native Execution does not correctly sanitize username for temp directory
[
https://issues.apache.org/jira/browse/NETBEANS-1727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Laszlo Kishalmi updated NETBEANS-1727:
--
Labels: 11.0-vc1 pull-request-available (was: pull-request-available)
> Native Execution does not correctly sanitize username for temp directory
>
>
> Key: NETBEANS-1727
> URL: https://issues.apache.org/jira/browse/NETBEANS-1727
> Project: NetBeans
> Issue Type: Bug
> Components: ide - Code
>Affects Versions: 10.0
>Reporter: Matthias Bläsing
>Assignee: Matthias Bläsing
>Priority: Major
> Labels: 11.0-vc1, pull-request-available
> Fix For: 11.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When running netbeans on linux this log entry can be observed:
> {noformat}
> [exec] WARNING [nativeexecution.support.logger]: [743838 ms.]
> UnixHostInfoProvider: sed: -e Ausdruck #1, Zeichen 6: Nicht beendeter
> »s«-Befehl
> {noformat}
> The english version is:
> {noformat}
> sed: -e expression #1, char 6: unterminated `s' command
> {noformat}
> The problem can be traced back into the
> _release/bin/nativeexecution/hostinfo.sh_ script used by the _Native
> Execution (ide/dlight.nativeexecution)_ module.
> In the file line 119 is the problem:
> {code:sh}
> USER_D=`echo ${USER} | sed "s/\\\/_/"`
> TMPBASE=${TMPBASE:-/var/tmp}
> SUFFIX=0
> TMPDIRBASE=${TMPBASE}/dlight_${USER_D}
> {code}
> The backslashes in the sed call are not correctly escaped. From the context I
> assume, that the call is intended to replace directory separator with
> underscores.
> With a user value of "demo/user\test" I would expect it to result in
> "demo_user_test" as the call errors out, it results in the empty string. See
> this debug run:
> {noformat}
> + USER='demo/user\test'
> ++ echo 'demo/user\test'
> ++ sed 's/\/_/'
> sed: -e expression #1, char 6: unterminated `s' command
> + USER_D=
> + TMPBASE=/var/tmp
> + SUFFIX=0
> + TMPDIRBASE=/var/tmp/dlight_
> {noformat}
> With the fix I'll propose the above becomes:
> {noformat}
> + USER='demo/user\test'
> ++ echo 'demo/user\test'
> ++ sed 's/[\/]/_/g'
> + USER_D=demo_user_test
> + TMPBASE=/var/tmp
> + SUFFIX=0
> + TMPDIRBASE=/var/tmp/dlight_demo_user_test
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org
For additional commands, e-mail: commits-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Updated] (NETBEANS-1727) Native Execution does not correctly sanitize username for temp directory
[
https://issues.apache.org/jira/browse/NETBEANS-1727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Laszlo Kishalmi updated NETBEANS-1727:
--
Fix Version/s: 11.0
> Native Execution does not correctly sanitize username for temp directory
>
>
> Key: NETBEANS-1727
> URL: https://issues.apache.org/jira/browse/NETBEANS-1727
> Project: NetBeans
> Issue Type: Bug
> Components: ide - Code
>Affects Versions: 10.0
>Reporter: Matthias Bläsing
>Assignee: Matthias Bläsing
>Priority: Major
> Labels: pull-request-available
> Fix For: 11.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When running netbeans on linux this log entry can be observed:
> {noformat}
> [exec] WARNING [nativeexecution.support.logger]: [743838 ms.]
> UnixHostInfoProvider: sed: -e Ausdruck #1, Zeichen 6: Nicht beendeter
> »s«-Befehl
> {noformat}
> The english version is:
> {noformat}
> sed: -e expression #1, char 6: unterminated `s' command
> {noformat}
> The problem can be traced back into the
> _release/bin/nativeexecution/hostinfo.sh_ script used by the _Native
> Execution (ide/dlight.nativeexecution)_ module.
> In the file line 119 is the problem:
> {code:sh}
> USER_D=`echo ${USER} | sed "s/\\\/_/"`
> TMPBASE=${TMPBASE:-/var/tmp}
> SUFFIX=0
> TMPDIRBASE=${TMPBASE}/dlight_${USER_D}
> {code}
> The backslashes in the sed call are not correctly escaped. From the context I
> assume, that the call is intended to replace directory separator with
> underscores.
> With a user value of "demo/user\test" I would expect it to result in
> "demo_user_test" as the call errors out, it results in the empty string. See
> this debug run:
> {noformat}
> + USER='demo/user\test'
> ++ echo 'demo/user\test'
> ++ sed 's/\/_/'
> sed: -e expression #1, char 6: unterminated `s' command
> + USER_D=
> + TMPBASE=/var/tmp
> + SUFFIX=0
> + TMPDIRBASE=/var/tmp/dlight_
> {noformat}
> With the fix I'll propose the above becomes:
> {noformat}
> + USER='demo/user\test'
> ++ echo 'demo/user\test'
> ++ sed 's/[\/]/_/g'
> + USER_D=demo_user_test
> + TMPBASE=/var/tmp
> + SUFFIX=0
> + TMPDIRBASE=/var/tmp/dlight_demo_user_test
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org
For additional commands, e-mail: commits-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Updated] (NETBEANS-1727) Native Execution does not correctly sanitize username for temp directory
[
https://issues.apache.org/jira/browse/NETBEANS-1727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated NETBEANS-1727:
-
Labels: pull-request-available (was: )
> Native Execution does not correctly sanitize username for temp directory
>
>
> Key: NETBEANS-1727
> URL: https://issues.apache.org/jira/browse/NETBEANS-1727
> Project: NetBeans
> Issue Type: Bug
> Components: ide - Code
>Affects Versions: 10.0
>Reporter: Matthias Bläsing
>Assignee: Matthias Bläsing
>Priority: Major
> Labels: pull-request-available
>
> When running netbeans on linux this log entry can be observed:
> {noformat}
> [exec] WARNING [nativeexecution.support.logger]: [743838 ms.]
> UnixHostInfoProvider: sed: -e Ausdruck #1, Zeichen 6: Nicht beendeter
> »s«-Befehl
> {noformat}
> The english version is:
> {noformat}
> sed: -e expression #1, char 6: unterminated `s' command
> {noformat}
> The problem can be traced back into the
> _release/bin/nativeexecution/hostinfo.sh_ script used by the _Native
> Execution (ide/dlight.nativeexecution)_ module.
> In the file line 119 is the problem:
> {code:sh}
> USER_D=`echo ${USER} | sed "s/\\\/_/"`
> TMPBASE=${TMPBASE:-/var/tmp}
> SUFFIX=0
> TMPDIRBASE=${TMPBASE}/dlight_${USER_D}
> {code}
> The backslashes in the sed call are not correctly escaped. From the context I
> assume, that the call is intended to replace directory separator with
> underscores.
> With a user value of "demo/user\test" I would expect it to result in
> "demo_user_test" as the call errors out, it results in the empty string. See
> this debug run:
> {noformat}
> + USER='demo/user\test'
> ++ echo 'demo/user\test'
> ++ sed 's/\/_/'
> sed: -e expression #1, char 6: unterminated `s' command
> + USER_D=
> + TMPBASE=/var/tmp
> + SUFFIX=0
> + TMPDIRBASE=/var/tmp/dlight_
> {noformat}
> With the fix I'll propose the above becomes:
> {noformat}
> + USER='demo/user\test'
> ++ echo 'demo/user\test'
> ++ sed 's/[\/]/_/g'
> + USER_D=demo_user_test
> + TMPBASE=/var/tmp
> + SUFFIX=0
> + TMPDIRBASE=/var/tmp/dlight_demo_user_test
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org
For additional commands, e-mail: commits-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
