
[SCM] Debian package checker branch, squeeze, updated. 2.4.3-16-gddd5248



The following commit has been merged in the squeeze branch:
commit 905b86d5cc06eaec90b8814607f1478fb5f717a9
Author: Niels Thykier <niels@thykier.net>
Date:   Thu Apr 4 23:33:42 2013 +0200

    c/init.d: Guard against possible symlink traversals
    
    Signed-off-by: Niels Thykier <niels@thykier.net>

diff --git a/checks/init.d b/checks/init.d
index 5fa6213..5454286 100644
--- a/checks/init.d
+++ b/checks/init.d
@@ -77,7 +77,9 @@ my $action_r = qr/\w+/;
 my $exclude_r = qr/if\s+\[\s+-x\s+\S*update-rc\.d/;
 
 # read postinst control file
-if (open(IN, '<', $postinst)) {
+if ( -f $postinst and not -l $postinst) {
+    open(IN, '<', $postinst)
+        or fail "open postinst: $!";
     while (<IN>) {
 	next if /$exclude_r/o;
 	s/\#.*$//o;
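Review bot: The guard `-f $postinst and not -l $postinst` and the `open` that follows are separate path lookups, so the file that gets opened is not strictly guaranteed to be the one that was tested, and the guard itself stats the path twice (`-f` follows a symlink, `-l` does not). Writing it as `if ( not -l $postinst and -f _ ) {` does a single lstat and makes the intent explicit; a comment such as `# skip symlinks: a maintainer script in the unpacked package may point at a file on the host` would tell the next reader why an unreadable-looking script is silently skipped. The same applies to the `$preinst`, `$postrm` and `$prerm` guards in the later hunks, and since the four copies are identical a small helper would keep them from drifting apart. The test only covers the final path component; how `$postinst` is built is not visible in this hunk, so it is worth confirming that the directory above it cannot itself be a symlink. The `while` body continues outside the hunk.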
@@ -93,11 +95,13 @@ if (open(IN, '<', $postinst)) {
 	    tag "output-of-updaterc.d-not-redirected-to-dev-null", "$name postinst";
 	}
     }
+    close(IN);
 }
-close(IN);
 
 # read preinst control file
-if (open(IN, '<', $preinst)) {
+if ( -f $preinst and not -l $preinst) {
+    open(IN, '<', $preinst)
+        or fail "open preinst: $!";
     while (<IN>) {
 	next if /$exclude_r/o;
 	s/\#.*$//o;
@@ -110,7 +114,9 @@ if (open(IN, '<', $preinst)) {
 }
 
 # read postrm control file
-if (open(IN, '<', $postrm)) {
+if ( -f $postrm and not -l $postrm) {
+    open(IN, '<', $postrm)
+        or fail "open postrm: $!";
     while (<IN>) {
 	next if /$exclude_r/o;
 	s/\#.*$//o;
@@ -127,7 +133,9 @@ if (open(IN, '<', $postrm)) {
 }
 
 # read prerm control file
-if (open(IN, '<', $prerm)) {
+if ( -f $prerm and not -l $prerm) {
+    open(IN, '<', $prerm)
+        or fail "open prerm: $!";
     while (<IN>) {
 	next if /$exclude_r/o;
 	s/\#.*$//o;
diff --git a/debian/changelog b/debian/changelog
index 367b794..6e24b82 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ lintian (2.4.3+squeeze2) stable; urgency=low
   * checks/debconf:
     + [NT] Fix several path traversal issues that could leak
       information about the host system.
+  * checks/init.d:
+    + [NT] Fix possible symlink traversal that could leak
+      information about the host system.
   * checks/md5sums:
     + [NT] Fix path traversal issue that could leak information
       about the host system.

-- 
Debian package checker

