Date: Fri, 7 Oct 2016 20:01:59 +0000 (UTC)
From: Ed Maste <emaste@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r306825 - head/usr.sbin/portsnap/portsnap
Message-ID: <201610072001.u97K1xwF093614@repo.freebsd.org>
Author: emaste Date: Fri Oct 7 20:01:59 2016 New Revision: 306825 URL: https://svnweb.freebsd.org/changeset/base/306825 Log: portsnap: use lam on the known good hash list This change is equivalent to the approach committed in r306417, but if sed has a bug it could be exploited by the untrusted tar file. Instead, generate the expected tar content and compare that with find's output. convert the expected hash list to the expected tar content filesystem layout, and compare that with find's output. Submitted by: cperciva (in review D8052) Reviewed by: oshogbo MFC after: 2 weeks Modified: head/usr.sbin/portsnap/portsnap/portsnap.sh Modified: head/usr.sbin/portsnap/portsnap/portsnap.sh ============================================================================== --- head/usr.sbin/portsnap/portsnap/portsnap.sh Fri Oct 7 19:28:45 2016 (r306824) +++ head/usr.sbin/portsnap/portsnap/portsnap.sh Fri Oct 7 20:01:59 2016 (r306825) @@ -691,8 +691,9 @@ fetch_snapshot() { fetch_index_sanity || return 1 # Verify the snapshot contents cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1 - cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected - find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap + cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u | + lam -s 'snap/' - -s '.gz' > files.expected + find snap -mindepth 1 | sort > files.snap if ! cmp -s files.expected files.snap; then echo "unexpected files in snapshot." return 1
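Review bot: In the new `files.expected` pipeline, `sort -u` runs before `lam` adds `snap/` and `.gz`, while `files.snap` is sorted with that prefix and suffix already in place, so `cmp -s` depends on the appended `.gz` never changing the relative order of two entries. That holds as long as every field-2 value has the same length and character set, but putting the sort last makes it unconditional: `cut -f 2 -d '|' tINDEX.new INDEX.new | lam -s 'snap/' - -s '.gz' | sort -u > files.expected`. The rationale for rewriting the trusted list rather than find's output lives only in the log message; a one-line comment above these lines, saying that names from the untrusted tarball are deliberately not passed through `sed`, would keep a later cleanup from reintroducing that step.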