Module Name:    src
Committed By:   kre
Date:           Sun Oct  8 01:05:13 UTC 2017

Modified Files:
        src: build.sh

Log Message:
Better validation of var name args to -V and -Z, in a way that makes
it trivial to add a list of banned var names for either of those args
should that ever be considered desirable (as the XXX suggests it might.)
I've had this mod locked in my tree for (at least) months - time to set it free.


To generate a diff of this commit:
cvs rdiff -u -r1.320 -r1.321 src/build.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/build.sh
diff -u src/build.sh:1.320 src/build.sh:1.321
--- src/build.sh:1.320	Sun Oct  8 00:45:25 2017
+++ src/build.sh	Sun Oct  8 01:05:13 2017
@@ -1,5 +1,5 @@
 #! /usr/bin/env sh
-#	$NetBSD: build.sh,v 1.320 2017/10/08 00:45:25 kre Exp $
+#	$NetBSD: build.sh,v 1.321 2017/10/08 01:05:13 kre Exp $
 #
 # Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -952,12 +952,35 @@ setmakeenv()
 	eval "$1='$2'; export $1"
 	makeenv="${makeenv} $1"
 }
+safe_setmakeenv()
+{
+	case "$1" in
+
+	#	Look for any vars we want to prohibit here, like:
+	# Bad | Dangerous)	usage "Cannot override $1 with -V";;
+
+	# That first char is OK has already been verified.
+	*[!A-Za-z0-9_]*)	usage "Bad variable name (-V): '$1'";;
+	esac
+	setmakeenv "$@"
+}
 
 unsetmakeenv()
 {
 	eval "unset $1"
 	makeenv="${makeenv} $1"
 }
+safe_unsetmakeenv()
+{
+	case "$1" in
+
+	#	Look for any vars user should not be able to unset
+	# Needed | Must_Have)	usage "Variable $1 cannot be unset";;
+
+	[!A-Za-z_]* | *[!A-Za-z0-9_]*)	usage "Bad variable name (-Z): '$1'";;
+	esac
+	unsetmakeenv "$1"
+}
 
 # Given a variable name in $1, modify the variable in place as follows:
 # For each space-separated word in the variable, call resolvepath.
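Review bot: safe_setmakeenv validates only the name in `$1`; the value in `$2` still goes through setmakeenv's `eval "$1='$2'; export $1"` (the context line at the top of this hunk), where a value containing a single quote ends the quoting and the rest is parsed as shell text. Now that the name is known to be a plain identifier, the assignment can defer expansion of the value so it is never re-parsed: `eval "$1=\$2; export $1"`. This matters mostly where build.sh is driven by automation that forwards -V values from elsewhere. safe_setmakeenv also depends on its caller for the first-character check, unlike safe_unsetmakeenv; using `[!A-Za-z_]* | *[!A-Za-z0-9_]*)` in both would make it self-contained. setmakeenv begins outside the hunk.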
@@ -1259,8 +1282,11 @@ parseoptions()
 			eval ${optargcmd}
 			case "${OPTARG}" in
 		    # XXX: consider restricting which variables can be changed?
-			[a-zA-Z_][a-zA-Z_0-9]*=*)
-				setmakeenv "${OPTARG%%=*}" "${OPTARG#*=}"
+			[a-zA-Z_]*=*)
+				safe_setmakeenv "${OPTARG%%=*}" "${OPTARG#*=}"
+				;;
+			[a-zA-Z_]*)
+				safe_setmakeenv "${OPTARG}" ""
 				;;
 			*)
 				usage "-V argument must be of the form 'var=[value]'"
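Review bot: The fallback arm's message no longer describes what -V accepts, because the new `[a-zA-Z_]*)` arm takes a bare `var` and sets it to the empty string while the text still demands `'var=[value]'`. Something like `usage "-V argument must be of the form 'var[=value]'"` would cover both forms. The retained XXX comment could also say where the checks now live, e.g. `# Name checks (and any banned-name list) are in safe_setmakeenv()`. The enclosing case in parseoptions continues outside the hunk.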
@@ -1294,7 +1320,7 @@ parseoptions()
 		-Z)
 			eval ${optargcmd}
 		    # XXX: consider restricting which variables can be unset?
-			unsetmakeenv "${OPTARG}"
+			safe_unsetmakeenv "${OPTARG}"
 			;;
 
 		--)
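Review bot: An empty argument is not rejected on this path, since neither `[!A-Za-z_]*` nor `*[!A-Za-z0-9_]*` in safe_unsetmakeenv matches the empty string. If `eval ${optargcmd}` (defined outside this diff) can leave OPTARG empty, `unset` is evaluated with no name and only a space is appended to makeenv, with no diagnostic for the user. Adding the empty case to the rejecting pattern, `'' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)`, would report it as a bad variable name. The -Z arm sits in a case in parseoptions that starts and ends outside the hunk.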
@@ -1912,7 +1938,7 @@ createmakewrapper()
 	eval cat <<EOF ${makewrapout}
 #! ${HOST_SH}
 # Set proper variables to allow easy "make" building of a NetBSD subtree.
-# Generated from:  \$NetBSD: build.sh,v 1.320 2017/10/08 00:45:25 kre Exp $
+# Generated from:  \$NetBSD: build.sh,v 1.321 2017/10/08 01:05:13 kre Exp $
 # with these arguments: ${_args}
 #
 
