From owner-svn-src-user@FreeBSD.ORG Thu Dec 12 16:58:46 2013 Return-Path: Delivered-To: svn-src-user@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A4A42973; Thu, 12 Dec 2013 16:58:46 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 782FC1382; Thu, 12 Dec 2013 16:58:46 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rBCGwkmD093121; Thu, 12 Dec 2013 16:58:46 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id rBCGwkdV093120; Thu, 12 Dec 2013 16:58:46 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201312121658.rBCGwkdV093120@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Thu, 12 Dec 2013 16:58:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r259264 - user/des/tinderbox X-SVN-Group: user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-user@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the experimental " user" src tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Dec 2013 16:58:46 -0000 Author: des Date: Thu Dec 12 16:58:45 2013 New Revision: 259264 URL: http://svnweb.freebsd.org/changeset/base/259264 Log: - Add --no-ignore to the "svn stat" command line so we pick up things like LINT etc which are normally hidden but can cause surprises. - Validate and untaint the SVN base URL. - In spawn(), check whether the command and arguments are tainted so we can more easily debug future occurrences. Modified: user/des/tinderbox/tinderbox.pl Modified: user/des/tinderbox/tinderbox.pl ============================================================================== --- user/des/tinderbox/tinderbox.pl Thu Dec 12 16:18:45 2013 (r259263) +++ user/des/tinderbox/tinderbox.pl Thu Dec 12 16:58:45 2013 (r259264) @@ -32,6 +32,7 @@ use strict; use Fcntl qw(:DEFAULT :flock); use POSIX; use Getopt::Long; +use Scalar::Util qw(tainted); my $VERSION = "2.20"; my $COPYRIGHT = "Copyright (c) 2003-2013 Dag-Erling Smørgrav. " . @@ -280,6 +281,14 @@ sub spawn($@) { my @args = @_; # Arguments message($cmd, @args); + # Check command and arguments for taint. The build will die + # anyway, but at least we'll have a starting point for debugging. + warning("command name is tainted\n") + if tainted($cmd); + for (my $i = 0; $i < @args; ++$i) { + warning("argv\[$i\] is tainted\n") + if tainted($args[$i]); + } my $pid = fork(); if (!defined($pid)) { return warning("fork(): $!"); @@ -471,6 +480,11 @@ MAIN:{ if (!defined($destdir)) { $destdir = "$sandbox/inst"; } + if ($svnbase && + $svnbase !~ m@^((?:svn(?:\+ssh)?://(?:[a-z][0-9a-z-]*)(?:\.[a-z][0-9a-z-]*)*(?::\d+)?|file://)/[\w./-]*)@) { + error("invalid SVN base URL"); + } + $svnbase = $1; if (!@ARGV) { usage(); @@ -632,7 +646,7 @@ MAIN:{ my $svnversioncmd = [grep({ -x } @svnversioncmds)]->[0] or error("unable to locate svnversion binary"); if ($verbose) { - spawn($svncmd, "stat", $srcdir) + spawn($svncmd, "stat", "--no-ignore", $srcdir) or error("unable to stat source tree"); } my $svnversion = `$svnversioncmd $srcdir`; # XXX