Author: emaste Date: Fri Oct 7 20:01:59 2016 New Revision: 306825 URL: https://svnweb.freebsd.org/changeset/base/306825
Log: portsnap: use lam on the known good hash list This change is equivalent to the approach committed in r306417, but if sed has a bug it could be exploited by the untrusted tar file. Instead, generate the expected tar content and compare that with find's output. convert the expected hash list to the expected tar content filesystem layout, and compare that with find's output. Submitted by: cperciva (in review D8052) Reviewed by: oshogbo MFC after: 2 weeks Modified: head/usr.sbin/portsnap/portsnap/portsnap.sh Modified: head/usr.sbin/portsnap/portsnap/portsnap.sh ============================================================================== --- head/usr.sbin/portsnap/portsnap/portsnap.sh Fri Oct 7 19:28:45 2016 (r306824) +++ head/usr.sbin/portsnap/portsnap/portsnap.sh Fri Oct 7 20:01:59 2016 (r306825) @@ -691,8 +691,9 @@ fetch_snapshot() { fetch_index_sanity || return 1 # Verify the snapshot contents cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1 - cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected - find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap + cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u | + lam -s 'snap/' - -s '.gz' > files.expected + find snap -mindepth 1 | sort > files.snap if ! cmp -s files.expected files.snap; then echo "unexpected files in snapshot." return 1 _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"