[PATCH] gnulib-tool: do not use $(top_srcdir) unquoted; may be tainted
From: Jim Meyering
Subject: [PATCH] gnulib-tool: do not use $(top_srcdir) unquoted; may be tainted
Date: Mon, 24 Nov 2008 17:09:08 +0100
Hi Bruno,
I noticed unquoted uses of $(top_srcdir) in lib/Makefile.am
and found that gnulib-tool generated them.
While that's normally not a problem (most of us use well-behaved names),
it can lead to malfunction or even serious abuse with ill-chosen or
malicious absolute source directory names.
For example, the patch below induces this change in coreutils'
lib/gnulib.mk:
--- lib/gnulib.mk.~1~ 2008-11-24 16:59:33.000000000 +0100
+++ lib/gnulib.mk 2008-11-24 17:01:42.000000000 +0100
@@ -1045 +1045 @@
-EXTRA_DIST += $(top_srcdir)/GNUmakefile
+EXTRA_DIST += '$(top_srcdir)'/GNUmakefile
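Review bot: in the new EXTRA_DIST += line the single quotes become literal characters of the make variable's value, because make does no quote processing of its own. They help only where that value is later pasted into a shell command, so it is worth confirming that every consumer of EXTRA_DIST passes the entries through a shell and that none compares or matches them as plain strings.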
[Exit 1]
From 294322566e672fc08dd6f06374912c26e961d27d Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Mon, 24 Nov 2008 17:03:13 +0100
Subject: [PATCH] gnulib-tool: do not emit $(top_srcdir) unquoted; may be tainted
* gnulib-tool (func_get_automake_snippet) [sed_prepend_auxdir]:
Put quotes around $(top_srcdir) in emitted EXTRA_DIST += ... line.
This protects against embedded spaces or shell meta-characters.
---
ChangeLog | 7 +++++++
gnulib-tool | 2 +-
2 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index daa90b2..0cdaa40 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2008-11-24 Jim Meyering <address@hidden>
+
+ gnulib-tool: do not emit $(top_srcdir) unquoted; may be tainted
+ * gnulib-tool (func_get_automake_snippet) [sed_prepend_auxdir]:
+ Put quotes around $(top_srcdir) in emitted EXTRA_DIST += ... line.
+ This protects against embedded spaces or shell meta-charaters.
+
2008-11-20 Bruno Haible <address@hidden>
Attempt to work around an AIX 5.3, 6.1 compiler bug with include_next.
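Review bot: typo in the last added ChangeLog line, "meta-charaters" should be "meta-characters". The bracketed name in the entry is also sed_prepend_auxdir, while the variable changed in the gnulib-tool hunk is sed_prepend_topdir; the entry should name the variable that is actually touched.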
diff --git a/gnulib-tool b/gnulib-tool
index 2e7b73d..93c5c3b 100755
--- a/gnulib-tool
+++ b/gnulib-tool
@@ -1448,7 +1448,7 @@ func_get_automake_snippet ()
esac; \
done | sed -e 's,^top/,,'`
if test -n "$top_files"; then
- sed_prepend_topdir='s,^,$(top_srcdir)/,'
+ sed_prepend_topdir='s,^,'\''$(top_srcdir)'\''/,'
echo "EXTRA_DIST += "`echo "$top_files" | sed -e "$sed_prepend_topdir"`
echo
fi
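Review bot: the single quotes added to sed_prepend_topdir cover embedded spaces and most shell metacharacters, but not a single quote inside the directory name itself, which would close the quoting early in the emitted EXTRA_DIST += line. Suggest either noting that limit in the ChangeLog entry or rejecting such directory names before the snippet is used.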
--
1.6.0.4.1044.g77718
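The malfunction described in the message, and the effect of the added quotes, reproduced as an added shell example (not part of the original message or of gnulib-tool). The function names, the sample directory names and the allowed-character set in srcdir_is_safe are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not gnulib-tool code; all function names are hypothetical.

# Text a make rule hands to the shell once $(top_srcdir) is expanded, without
# and with the patch's single quotes. make pastes the directory name in
# verbatim and does no quoting of its own.
expand_unquoted () { printf '%s/GNUmakefile' "$1"; }
expand_quoted ()   { printf "'%s'/GNUmakefile" "$1"; }

# Let a shell parse that text as arguments and print how many words it sees,
# or "parse-error" when the text is not valid shell. Feed it only the
# constructed sample names below.
count_words () {
  sh -c "set -- $1; echo \$#" 2>/dev/null || echo parse-error
}

# Conservative pre-flight check for a build script: accept only names whose
# characters need no quoting in make or sh (the allowed set is an assumption).
srcdir_is_safe () {
  case $1 in
    '' | *[!A-Za-z0-9_./+-]*) return 1 ;;
    *) return 0 ;;
  esac
}

demo () {
  # Constructed directory names: plain, embedded space, embedded quote.
  for dir in "/tmp/src" "/tmp/my project" "/tmp/o'brien"; do
    if srcdir_is_safe "$dir"; then verdict=safe; else verdict=unsafe; fi
    printf '%-16s unquoted=%s quoted=%s check=%s\n' "$dir" \
      "$(count_words "$(expand_unquoted "$dir")")" \
      "$(count_words "$(expand_quoted "$dir")")" "$verdict"
  done
}
demo
```

A name with an embedded space splits into two words unquoted and stays one word quoted; a name with an embedded single quote still fails to parse in both forms, which is what the pre-flight check catches.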