[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095



The following commit has been merged in the master branch:
commit 3565d96a76f9816061b0a32014a27a215e9c4df8
Author: Niels Thykier <niels@thykier.net>
Date:   Sun Apr 7 23:22:15 2013 +0200

    L::{Util,Path}: Recommend the use of is_ancestor_of
    
    For testing if a symlink is safe to open, recommend is_ancestor_of
    over "link_resolved" (Lintian::Path) and "resolve_pkg_path"
    (Lintian::Util).  The latter two generally needs a loop to test that
    the link is safe, is_ancestor_of tests it in one go.
    
    Signed-off-by: Niels Thykier <niels@thykier.net>

diff --git a/debian/changelog b/debian/changelog
index 6d79fdc..05b157f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -284,6 +284,9 @@ lintian (2.5.12) UNRELEASED; urgency=low
       package, ensure that the resulting path does not "escape" the
       top level directory.  This should preemptively guard against some
       (but not all) traversal attempts.
+  * lib/Lintian/Path.pm:
+    + [NT] Document that link_resolved is not sufficient to test the
+      "safeness" of a symlink.
   * lib/Lintian/Command/Simple.pm:
     + [NT] Use constant time lookup access instead of linear scan with
       "hashref" wait.
@@ -320,6 +323,8 @@ lintian (2.5.12) UNRELEASED; urgency=low
     + [NT] Add sub to check if a path is contained within a given dir.
     + [NT] Fix bug in resolve_pkg_path that made it resolve some links
       incorrectly.
+    + [NT] Document that resolve_pkg_path is not sufficient to test the
+      "safeness" of a symlink.
 
   * man/lintian.pod.in:
     + [NT] Document that --pedantic is the same as "-L +=pedantic".
diff --git a/lib/Lintian/Path.pm b/lib/Lintian/Path.pm
index bcbf1b4..3eb0d19 100644
--- a/lib/Lintian/Path.pm
+++ b/lib/Lintian/Path.pm
@@ -237,6 +237,12 @@ root dir of the package.
 Only available on "links" (i.e. symlinks or hardlinks).  On non-links
 this will croak.
 
+B<CAVEAT>: This method is I<not always sufficient> to test if it is
+safe to open a given symlink.  Use
+L<is_ancestor_of|Lintian::Util/is_ancestor_of(PARENTDIR, PATH)> for
+that.  If you must use this method, remember to check that the target
+is not a symlink (or if it is, that it can be resolved).
+
 =cut
 
 sub link_resolved {
diff --git a/lib/Lintian/Util.pm b/lib/Lintian/Util.pm
index 96340d4..59f9171 100644
--- a/lib/Lintian/Util.pm
+++ b/lib/Lintian/Util.pm
@@ -1088,7 +1088,7 @@ sub check_path {
 
 =item resolve_pkg_path (CURDIR, DEST)
 
-Using $CURDIR as current directory from the (package) root,
+Using CURDIR as current directory from the (package) root,
 resolve DEST and return (the absolute) path to the destination.
 Note that the result will never start with a slash, even if
 CURDIR or DEST does. Nor will it end with a slash.
@@ -1098,6 +1098,12 @@ Note it will return '.' if the result is the package root.
 Returns a non-truth value, if it cannot safely resolve the path
 (e.g. DEST would be outside the package root).
 
+B<CAVEAT>: This function is I<not always sufficient> to test if it is
+safe to open a given symlink.  Use
+L<is_ancestor_of|Lintian::Util/is_ancestor_of(PARENTDIR, PATH)> for
+that.  If you must use this function, remember to check that the
+target is not a symlink (or if it is, that it can be resolved).
+
 Examples:
 
   resolve_pkg_path('/usr/share/java', '../ant/file') eq  'usr/share/ant/file'

-- 
Debian package checker


Reply to: