[SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095
The following commit has been merged in the master branch:
commit 3565d96a76f9816061b0a32014a27a215e9c4df8
Author: Niels Thykier <niels@thykier.net>
Date: Sun Apr 7 23:22:15 2013 +0200
L::{Util,Path}: Recommend the use of is_ancestor_of
For testing if a symlink is safe to open, recommend is_ancestor_of
over "link_resolved" (Lintian::Path) and "resolve_pkg_path"
(Lintian::Util). The latter two generally needs a loop to test that
the link is safe, is_ancestor_of tests it in one go.
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/debian/changelog b/debian/changelog
index 6d79fdc..05b157f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -284,6 +284,9 @@ lintian (2.5.12) UNRELEASED; urgency=low
package, ensure that the resulting path does not "escape" the
top level directory. This should preemptively guard against some
(but not all) traversal attempts.
+ * lib/Lintian/Path.pm:
+ + [NT] Document that link_resolved is not sufficient to test the
+ "safeness" of a symlink.
* lib/Lintian/Command/Simple.pm:
+ [NT] Use constant time lookup access instead of linear scan with
"hashref" wait.
@@ -320,6 +323,8 @@ lintian (2.5.12) UNRELEASED; urgency=low
+ [NT] Add sub to check if a path is contained within a given dir.
+ [NT] Fix bug in resolve_pkg_path that made it resolve some links
incorrectly.
+ + [NT] Document that resolve_pkg_path is not sufficient to test the
+ "safeness" of a symlink.
* man/lintian.pod.in:
+ [NT] Document that --pedantic is the same as "-L +=pedantic".
diff --git a/lib/Lintian/Path.pm b/lib/Lintian/Path.pm
index bcbf1b4..3eb0d19 100644
--- a/lib/Lintian/Path.pm
+++ b/lib/Lintian/Path.pm
@@ -237,6 +237,12 @@ root dir of the package.
Only available on "links" (i.e. symlinks or hardlinks). On non-links
this will croak.
+B<CAVEAT>: This method is I<not always sufficient> to test if it is
+safe to open a given symlink. Use
+L<is_ancestor_of|Lintian::Util/is_ancestor_of(PARENTDIR, PATH)> for
+that. If you must use this method, remember to check that the target
+is not a symlink (or if it is, that it can be resolved).
+
=cut
sub link_resolved {
diff --git a/lib/Lintian/Util.pm b/lib/Lintian/Util.pm
index 96340d4..59f9171 100644
--- a/lib/Lintian/Util.pm
+++ b/lib/Lintian/Util.pm
@@ -1088,7 +1088,7 @@ sub check_path {
=item resolve_pkg_path (CURDIR, DEST)
-Using $CURDIR as current directory from the (package) root,
+Using CURDIR as current directory from the (package) root,
resolve DEST and return (the absolute) path to the destination.
Note that the result will never start with a slash, even if
CURDIR or DEST does. Nor will it end with a slash.
@@ -1098,6 +1098,12 @@ Note it will return '.' if the result is the package root.
Returns a non-truth value, if it cannot safely resolve the path
(e.g. DEST would be outside the package root).
+B<CAVEAT>: This function is I<not always sufficient> to test if it is
+safe to open a given symlink. Use
+L<is_ancestor_of|Lintian::Util/is_ancestor_of(PARENTDIR, PATH)> for
+that. If you must use this function, remember to check that the
+target is not a symlink (or if it is, that it can be resolved).
+
Examples:
resolve_pkg_path('/usr/share/java', '../ant/file') eq 'usr/share/ant/file'
--
Debian package checker
Reply to: