[SCM] Debian package checker branch, squeeze, updated. 2.4.3-16-gddd5248
The following commit has been merged in the squeeze branch:
commit e4a27dc1b77e804f49b282ad7f23d080fc6f1b14
Author: Niels Thykier <niels@thykier.net>
Date: Fri Apr 5 10:01:27 2013 +0200
Util: Add is_ancestor_of function
This function can test if a given path is "contained" within a given
dir (or is the dir itself).
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/debian/changelog b/debian/changelog
index f99143c..d1f2779 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,9 @@ lintian (2.4.3+squeeze2) stable; urgency=low
+ [NT] Fix path traversal issue that could leak information
about the host system.
+ * lib/Util.pm:
+ + [NT] Add sub to check if a path is contained within a given dir.
+
-- Niels Thykier <niels@thykier.net> Fri, 05 Apr 2013 22:00:00 +0200
lintian (2.4.3+squeeze1) stable; urgency=low
diff --git a/lib/Util.pm b/lib/Util.pm
index 136a04d..60d7686 100644
--- a/lib/Util.pm
+++ b/lib/Util.pm
@@ -22,6 +22,8 @@
package Util;
use strict;
+use Carp qw(croak);
+use Cwd qw(abs_path);
use Exporter;
# Force export as soon as possible, since some of the modules we load also
@@ -43,7 +45,8 @@ BEGIN {
copy_dir
gunzip_file
touch_file
- perm2oct);
+ perm2oct
+ is_ancestor_of);
}
use FileHandle;
@@ -313,6 +316,39 @@ sub fail {
die $str;
}
+#is_ancestor_of(PARENTDIR, PATH)
+#
+#Returns true if and only if PATH is PARENTDIR or a path stored
+#somewhere within PARENTDIR (or its subdirs).
+#
+#This function will resolve the paths; any failure to resolve the path
+#will cause a trappable error.
+#
+sub is_ancestor_of {
+ my ($ancestor, $file) = @_;
+ my $resolved_file = abs_path($file);
+ croak("resolving $file failed: $!")
+ unless defined $resolved_file;
+ my $resolved_ancestor = abs_path($ancestor);
+ croak("resolving $ancestor failed: $!")
+ unless defined $resolved_file;
+ my $len;
+ return 1 if $resolved_ancestor eq $resolved_file;
+ # add a slash, "path/some-dir" is not "path/some-dir-2" and this
+ # allows us to blindly match against the root dir.
+ $resolved_file .= '/';
+ $resolved_ancestor .= '/';
+
+ # If $resolved_file is contained within $resolved_ancestor, then
+ # $resolved_ancestor will be a prefix of $resolved_file.
+ $len = length($resolved_ancestor);
+ if (substr($resolved_file, 0, $len) eq $resolved_ancestor) {
+ return 1;
+ }
+ return 0;
+}
+
+
1;
# Local Variables:
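Review bot: The second `croak` guard in `is_ancestor_of` tests `$resolved_file` a second time instead of `$resolved_ancestor`, so a failure to resolve PARENTDIR is never trapped. In that case `$resolved_ancestor` stays undef, becomes `/` once the slash is appended, and the prefix comparison then accepts every resolved path, so the containment check fails open. The guard should read `croak("resolving $ancestor failed: $!") unless defined $resolved_ancestor;`. Separately, when PARENTDIR resolves to `/` itself, appending a slash gives `//`, which does not look like a prefix of any resolved path, so the root-dir case the comment mentions probably returns 0. Appending the slash only when the path does not already end in one (`$resolved_ancestor .= '/' unless $resolved_ancestor =~ m{/\z};`) would cover it.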
--
Debian package checker