Author: emaste
Date: Fri Oct 7 20:01:59 2016
New Revision: 306825
URL: https://svnweb.freebsd.org/changeset/base/306825
Log:
portsnap: use lam on the known good hash list
This change is equivalent to the approach committed in r306417, but if
sed has a bug it could be exploited by the untrusted tar file. Instead,
generate the expected tar content and compare that with find's output.
convert the expected hash list to the expected tar content filesystem
layout, and compare that with find's output.
Submitted by: cperciva (in review D8052)
Reviewed by: oshogbo
MFC after: 2 weeks
Modified:
head/usr.sbin/portsnap/portsnap/portsnap.sh
Modified: head/usr.sbin/portsnap/portsnap/portsnap.sh
==============================================================================
--- head/usr.sbin/portsnap/portsnap/portsnap.sh Fri Oct 7 19:28:45 2016
(r306824)
+++ head/usr.sbin/portsnap/portsnap/portsnap.sh Fri Oct 7 20:01:59 2016
(r306825)
@@ -691,8 +691,9 @@ fetch_snapshot() {
fetch_index_sanity || return 1
# Verify the snapshot contents
cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
- cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
- find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
+ cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u |
+ lam -s 'snap/' - -s '.gz' > files.expected
+ find snap -mindepth 1 | sort > files.snap
if ! cmp -s files.expected files.snap; then
echo "unexpected files in snapshot."
return 1
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
