diff options
author | delphij <delphij@FreeBSD.org> | 2016-09-09 06:59:01 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2016-09-09 06:59:01 +0000 |
commit | f9b4762efc9021e3a72b0aa5e0b1b152545f8ffd (patch) | |
tree | c5439d81594d634618cfa9403f7f61c053556325 | |
parent | ce50eef2158ca812c96f7f264f160ad59e85490d (diff) | |
download | FreeBSD-src-f9b4762efc9021e3a72b0aa5e0b1b152545f8ffd.zip FreeBSD-src-f9b4762efc9021e3a72b0aa5e0b1b152545f8ffd.tar.gz |
MFC r305469:
Ensure that we always open only files that is named by explicitly
using shell redirections instead of having gzip(1) to decide what
file to open.
Issue reported in the "non-cryptanalytic attacks against freebsd
update components" anonymous gist.
Reviewed by: allanjude, emaste
-rw-r--r-- | usr.sbin/portsnap/portsnap/portsnap.sh | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr.sbin/portsnap/portsnap/portsnap.sh b/usr.sbin/portsnap/portsnap/portsnap.sh index cba06d2..3dcf618 100644 --- a/usr.sbin/portsnap/portsnap/portsnap.sh +++ b/usr.sbin/portsnap/portsnap/portsnap.sh @@ -651,7 +651,7 @@ fetch_index_sanity() { # Verify a list of files fetch_snapshot_verify() { while read F; do - if [ "`gunzip -c snap/${F} | ${SHA256} -q`" != ${F} ]; then + if [ "`gunzip -c < snap/${F}.gz | ${SHA256} -q`" != ${F} ]; then echo "snapshot corrupt." return 1 fi @@ -686,7 +686,7 @@ fetch_snapshot() { cut -f 2 -d '|' tINDEX.new | fetch_snapshot_verify || return 1 # Extract the index rm -f INDEX.new - gunzip -c snap/`look INDEX tINDEX.new | + gunzip -c < snap/`look INDEX tINDEX.new | cut -f 2 -d '|'`.gz > INDEX.new fetch_index_sanity || return 1 # Verify the snapshot contents @@ -782,7 +782,7 @@ fetch_update() { # Extract the index echo -n "Extracting index... " 1>${QUIETREDIR} - gunzip -c files/`look INDEX tINDEX.new | + gunzip -c < files/`look INDEX tINDEX.new | cut -f 2 -d '|'`.gz > INDEX.new fetch_index_sanity || return 1 @@ -902,7 +902,7 @@ extract_make_index() { echo -n "$1 not provided by portsnap server; " echo "$2 not being generated." else - gunzip -c "${WORKDIR}/files/`look $1 ${WORKDIR}/tINDEX | + gunzip -c < "${WORKDIR}/files/`look $1 ${WORKDIR}/tINDEX | cut -f 2 -d '|'`.gz" | cat - ${LOCALDESC} | ${MKINDEX} /dev/stdin > ${PORTSDIR}/$2 |