[SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095

To: debian-lint-maint@lists.debian.org
Subject: [SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095
From: "Niels Thykier" <niels@thykier.net>
Date: Tue, 16 Apr 2013 16:26:25 +0000
Message-id: <[🔎] E1US8i8-0001eg-TU@vasks.debian.org>

The following commit has been merged in the master branch:
commit b5a961618ae310edc34ac7df16f5c823322af2df
Author: Niels Thykier <niels@thykier.net>
Date:   Thu Apr 4 23:33:42 2013 +0200

    c/init.d: Guard against possible symlink traversals
    
    Signed-off-by: Niels Thykier <niels@thykier.net>

diff --git a/checks/init.d b/checks/init.d
index 2c139ef..2604bf2 100644
--- a/checks/init.d
+++ b/checks/init.d
@@ -89,7 +89,9 @@ my $action_r = qr/\w+/;
 my $exclude_r = qr/if\s+\[\s+-x\s+\S*update-rc\.d/;
 
 # read postinst control file
-if (open(IN, '<', $postinst)) {
+if ( -f $postinst and not -l $postinst) {
+    open(IN, '<', $postinst)
+        or fail "open postinst: $!";
     while (<IN>) {
         next if /$exclude_r/o;
         s/\#.*$//o;
@@ -105,11 +107,13 @@ if (open(IN, '<', $postinst)) {
             tag 'output-of-updaterc.d-not-redirected-to-dev-null', "$name postinst";
         }
     }
+    close(IN);
 }
-close(IN);
 
 # read preinst control file
-if (open(IN, '<', $preinst)) {
+if ( -f $preinst and not -l $preinst) {
+    open(IN, '<', $preinst)
+        or fail "open preinst: $!";
     while (<IN>) {
         next if /$exclude_r/o;
         s/\#.*$//o;
@@ -124,7 +128,9 @@ if (open(IN, '<', $preinst)) {
 }
 
 # read postrm control file
-if (open(IN, '<', $postrm)) {
+if ( -f $postrm and not -l $postrm) {
+    open(IN, '<', $postrm)
+        or fail "open postrm: $!";
     while (<IN>) {
         next if /$exclude_r/o;
         s/\#.*$//o;
@@ -141,7 +147,9 @@ if (open(IN, '<', $postrm)) {
 }
 
 # read prerm control file
-if (open(IN, '<', $prerm)) {
+if ( -f $prerm and not -l $prerm) {
+    open(IN, '<', $prerm)
+        or fail "open prerm: $!";
     while (<IN>) {
         next if /$exclude_r/o;
         s/\#.*$//o;
diff --git a/debian/changelog b/debian/changelog
index 7e47fbd..96e262c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -109,6 +109,8 @@ lintian (2.5.12) UNRELEASED; urgency=low
     + [NT] Fix regression where Lintian would not properly match
       init.d passed to update-rc.d.  Thanks to Michael Meskes for
       reporting.  (Closes: #698602)
+    + [NT] Fix possible symlink traversal that could leak
+      information about the host system.
   * checks/java{,.desc}:
     + [NT] Report possibly broken jar files.
   * checks/md5sums:

-- 
Debian package checker

Reply to:

Prev by Date: [SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095
Next by Date: [SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095
Previous by thread: [SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095
Next by thread: [SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095
Index(es):
- Date
- Thread