Properly validate repository descriptors.

Repository descriptors (*.repo files) weren't properly validated on load. This could lead to unexpected problems whenever a wrong descriptor is found. This patch replaces the original 2-lines loader with a proper parsing function which also performs some sanity checks. While at it, stop using the magic number '7' as the number of fields in a repository record -- use a variable instead. Signed-off-by: Mauro Giachero <mauro.giachero@gmail.com>
2025-01-29 20:34:34 +01:00 · 2009-07-23 16:40:05 +00:00 · 2009-07-23 16:40:05 +00:00 · 39ce2083f4
commit 39ce2083f4
parent a5b7b85b4d
2 changed files with 65 additions and 8 deletions
--- a/src/usr/doc/README-repos.d
+++ b/src/usr/doc/README-repos.d
@ -13,7 +13,7 @@ is compound of the following seven fields:

 1.  REPOSITORY (a _short_ name identifying the repository)
 2.  BRANCH (a _short_ name identifying the branch of that repository)
-3.  DESCRIPTION (a <50 chars description, which _must_be_double_quoted_)
+3.  DESCRIPTION (a <50 chars description, which _must_be_quoted_)
 4.  TAG (the packages' tag)
 5.  TOOL (rsync, git or "", is the tool able to check out the repository/branch)
 6.  LINK (the tool-dependent link to the branch)
@ -35,5 +35,5 @@ still be present).  CHECKGPG format can be "GPG" if the repo supports GPG
 checking, or "" (which also must be present) if the repo does not support GPG
 checks.

-Lines _containing_ # are ignored when parsing the files.  Lines containing a
-single quote (') or backslashes (\) are not allowed.
+Lines _containing_ # are ignored when parsing the files.  Lines containing
+backslashes (\) are not allowed.
--- a/src/usr/sbin/sbopkg
+++ b/src/usr/sbin/sbopkg
@ -181,13 +181,68 @@ EOF
    fi

    # Load the repositories data
-    eval REPOSITORIES=( $(cat $SBOPKG_REPOS_D/*.repo | grep -v '#' |
-        sed 's:":\\":g' | xargs echo) )
+    load_repositories || exit 1

    # Check for ncurses
    [[ -x /usr/bin/tput ]] && HAS_NCURSES=1
 }

+load_repositories() {
+    # Fill the REPOSITORIES array with the data from the .repo files
+
+    local FILE LINE i
+    local TMPARRAY
+    local ERROR
+
+    for FILE in $SBOPKG_REPOS_D/*.repo; do
+        # Reading from $FILE...
+        while read LINE; do
+            grep -q '#' <<< "$LINE" && continue
+            eval TMPARRAY=( "$LINE" )
+            [[ ${#TMPARRAY[@]} -eq 0 ]] && continue;
+            # Sanity checks
+            [[ ! ${TMPARRAY[6]} =~ '^GPG$|^$' ]] && ERROR="gpg"
+            [[ ! ${TMPARRAY[4]} =~ '^rsync$|^git$|^$' ]] && ERROR="tool"
+            [[ ${#TMPARRAY[@]} -ne $REPOS_FIELDS ]] && ERROR="fields"
+            [[ -n $ERROR ]] && break 2
+            # Add the record to REPOSITORIES
+            for i in ${!TMPARRAY[@]}; do
+                REPOSITORIES[${#REPOSITORIES[@]}]="${TMPARRAY[$i]}"
+            done
+        done < $FILE
+    done
+
+    if [[ -n $ERROR ]]; then
+            cat <<EOF
+ERROR
+$SCRIPT: Invalid repository descriptor
+
+Line
+  $LINE
+of
+  $FILE
+EOF
+
+        case $ERROR in
+            'fields' )
+                crunch_fmt "doesn't contain the right number of fields\
+                    ($REPOS_FIELDS)."
+                ;;
+            'tool' )
+                crunch_fmt "specifies an unknown fetching tool\
+                    (${TMPARRAY[4]})."
+                ;;
+            'gpg' )
+                crunch_fmt "specifies an unknown signature checker\
+                    (${TMPARRAY[6]})."
+                ;;
+        esac
+        return 1
+    fi
+
+    return 0
+}
+
 ck_dir() {
    # This function displays the directory-creation message and then creates
    # the missing directory.
@ -867,7 +922,7 @@ set_repo_vars() {
    # Make sure we don't return old values with an invalid input
    unset REPO_DESC REPO_TAG REPO_TOOL REPO_LINK REPO_DIR REPO_GPG

-    for ((i=0; i<${#REPOSITORIES[@]}; i+=7)); do
+    for ((i=0; i<${#REPOSITORIES[@]}; i+=$REPOS_FIELDS)); do
        if [[ ( ${REPOSITORIES[$i]} = $REPO_NAME || $REPO_NAME = "" ) &&
                ${REPOSITORIES[$((i + 1))]} = $REPO_BRANCH ]]; then
            REPO_NAME=${REPOSITORIES[i]}
@ -901,7 +956,7 @@ select_repository() {
            like to change it, please select another repository below or \
            press <Back> to go back.")"' 17 60 7 \
            $(
-                for ((i=0; i<${#REPOSITORIES[@]}; i+=7)); do
+                for ((i=0; i<${#REPOSITORIES[@]}; i+=$REPOS_FIELDS)); do
                    echo \"${REPOSITORIES[$((i+1))]} \(${REPOSITORIES[$i]}\)\"
                    echo \"${REPOSITORIES[$((i+2))]}\"
                done
@ -3955,6 +4010,7 @@ unset BUILDOPTIONS    # TODO
 #     SBOPKG_CONF     # Configuration file
 #     REPO_ROOT       # Directory containing all repository mirrors
 unset HAS_NCURSES     # Set if the ncurses package is installed
+unset REPOS_FIELDS    # Number of fields for each repository entry
 unset REPO_NAME       # Currently active repository (e.g. SBo)
 unset REPO_BRANCH     # Currently active branch (e.g. 13.0)
 unset REPO_DESC       # Active branch's description
@ -3980,6 +4036,7 @@ REV="$Revision$"
 SBOVER=svn_r$(cut -d' ' -f2 <<< "$REV")
 DIAG=1
 ON_ERROR=ask
+REPOS_FIELDS=7

 # Make sure we are root.
 if [[ $(id -u) != 0 ]]; then
@ -4149,7 +4206,7 @@ set_repo_vars
 if [[ $? -ne 0 ]] ; then
    echo "Unknown repository name -- \"$CUSTOMVER\"" >&2
    echo "Valid options are:" >&2
-    for ((i=0; i<${#REPOSITORIES[@]}; i+=7)); do
+    for ((i=0; i<${#REPOSITORIES[@]}; i+=$REPOS_FIELDS)); do
        echo -en "${REPOSITORIES[$i]}/${REPOSITORIES[(($i + 1))]}\\t" >&2
        echo "(${REPOSITORIES[(($i + 2))]})" >&2
    done