dracut/0096-dracut-functions-do-not-install-files-from-current-d.patch

From 4637c5c24252d636fc57af1a9aaaf629140a77c7 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Fri, 21 Oct 2011 10:09:55 +0200
Subject: [PATCH] dracut-functions: do not install files from current
 directory

Protect against relative pathnames without a slash for all inst_*()
functions.
---
 dracut-functions |   38 +++++++++++++++++++++-----------------
 1 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/dracut-functions b/dracut-functions
index 70a467b..a56e460 100755
--- a/dracut-functions
+++ b/dracut-functions
@@ -272,10 +272,10 @@ check_vol_slaves() {
 # will create ${initdir}/lib64, ${initdir}/lib64/file,
 # and a symlink ${initdir}/lib -> lib64.
 inst_dir() {
-    [[ -e ${initdir}"$1" ]] && return 0  # already there
+    [[ -e ${initdir}/"$1" ]] && return 0  # already there
 
     local _dir="$1" _part="${1%/*}" _file
-    while [[ "$_part" != "${_part%/*}" ]] && ! [[ -e "${initdir}${_part}" ]]; do
+    while [[ "$_part" != "${_part%/*}" ]] && ! [[ -e "${initdir}/${_part}" ]]; do
         _dir="$_part $_dir"
         _part=${_part%/*}
     done
@@ -306,12 +306,13 @@ inst_dir() {
 # Location of the image dir is assumed to be $initdir
 # We never overwrite the target if it exists.
 inst_simple() {
-    [[ -f $1 ]] || return 1
+    [[ -f "$1" ]] || return 1
+    strstr "$1" "/" || return 1
 
     local _src=$1 target="${2:-$1}"
-    if ! [[ -d ${initdir}$target ]]; then
-        [[ -e ${initdir}$target ]] && return 0
-        [[ -h ${initdir}$target ]] && return 0
+    if ! [[ -d ${initdir}/$target ]]; then
+        [[ -e ${initdir}/$target ]] && return 0
+        [[ -h ${initdir}/$target ]] && return 0
         inst_dir "${target%/*}"
     fi
     # install checksum files also
@@ -319,7 +320,7 @@ inst_simple() {
         inst "${_src%/*}/.${_src##*/}.hmac" "${target%/*}/.${target##*/}.hmac"
     fi
     ddebug "Installing $_src"
-    cp --sparse=always -pfL "$_src" "${initdir}$target" 
+    cp --sparse=always -pfL "$_src" "${initdir}/$target" 
 }
 
 # find symlinks linked to given library file
@@ -351,8 +352,9 @@ rev_lib_symlinks() {
 # It handles making symlinks according to how the original library
 # is referenced.
 inst_library() {
-    local _src=$1 _dest=${2:-$1} _lib _reallib _symlink
-    [[ -e $initdir$_dest ]] && return 0
+    local _src="$1" _dest=${2:-$1} _lib _reallib _symlink
+    strstr "$1" "/" || return 1
+    [[ -e $initdir/$_dest ]] && return 0
     if [[ -L $_src ]]; then
         # install checksum files also
         if [[ -e "${_src%/*}/.${_src##*/}.hmac" ]]; then
@@ -361,14 +363,14 @@ inst_library() {
         _reallib=$(readlink -f "$_src")
         inst_simple "$_reallib" "$_reallib"
         inst_dir "${_dest%/*}"
-        ln -sfn $(convert_abs_rel "${_dest}" "${_reallib}") "${initdir}${_dest}"
+        ln -sfn $(convert_abs_rel "${_dest}" "${_reallib}") "${initdir}/${_dest}"
     else
         inst_simple "$_src" "$_dest"
     fi
 
     # Create additional symlinks.  See rev_symlinks description.
     for _symlink in $(rev_lib_symlinks $_src) $(rev_lib_symlinks $_reallib); do
-        [[ ! -e $initdir$_symlink ]] && {
+        [[ ! -e $initdir/$_symlink ]] && {
             ddebug "Creating extra symlink: $_symlink"
             inst_symlink $_symlink
         }
@@ -396,7 +398,7 @@ inst_binary() {
     _bin=$(find_binary "$1") || return 1
     _target=${2:-$_bin}
     inst_symlink $_bin $_target && return 0
-    [[ -e $initdir$_target ]] && return 0
+    [[ -e $initdir/$_target ]] && return 0
 
     # If the binary being installed is also a library, add it to the loop.
     _so_regex='([^ ]*/lib[^/]*/[^ ]*\.so[^ ]*)'
@@ -414,7 +416,7 @@ inst_binary() {
         fi
         [[ $_line =~ $_so_regex ]] || continue
         _file=${BASH_REMATCH[1]}
-        [[ -e ${initdir}$_file ]] && continue
+        [[ -e ${initdir}/$_file ]] && continue
 
         # See if we are loading an optimized version of a shared lib.
         if [[ $_file =~ $_lib_regex ]]; then
@@ -439,19 +441,21 @@ inst_binary() {
 # same as above, except for shell scripts.
 # If your shell script does not start with shebang, it is not a shell script.
 inst_script() {
-    [[ -f $1 ]] || return 1
+    local _bin
+    _bin=$(find_binary "$1") || return 1
     local _line _shebang_regex
-    read -r -n 80 _line <"$1"
+    read -r -n 80 _line <"$_bin"
     # If debug is set, clean unprintable chars to prevent messing up the term
     [[ $debug ]] && _line=$(echo -n "$_line" | tr -c -d '[:print:][:space:]')
     _shebang_regex='(#! *)(/[^ ]+).*'
     [[ $_line =~ $_shebang_regex ]] || return 1
-    inst "${BASH_REMATCH[2]}" && inst_simple "$@"
+    inst "${BASH_REMATCH[2]}" && inst_binary "$@"
 }
 
 # same as above, but specialized for symlinks
 inst_symlink() {
-    local _src=$1 _target=$initdir${2:-$1} _realsrc
+    local _src=$1 _target=$initdir/${2:-$1} _realsrc
+    strstr "$1" "/" || return 1
     [[ -L $1 ]] || return 1
     [[ -L $_target ]] && return 0
     _realsrc=$(readlink -f "$_src")
update to latest git 2011-10-21 10:44:53 +00:00			`From 4637c5c24252d636fc57af1a9aaaf629140a77c7 Mon Sep 17 00:00:00 2001`
			`From: Harald Hoyer <harald@redhat.com>`
			`Date: Fri, 21 Oct 2011 10:09:55 +0200`
			`Subject: [PATCH] dracut-functions: do not install files from current`
			`directory`

			`Protect against relative pathnames without a slash for all inst_*()`
			`functions.`
			`---`
			`dracut-functions \| 38 +++++++++++++++++++++-----------------`
			`1 files changed, 21 insertions(+), 17 deletions(-)`

			`diff --git a/dracut-functions b/dracut-functions`
			`index 70a467b..a56e460 100755`
			`--- a/dracut-functions`
			`+++ b/dracut-functions`
			`@@ -272,10 +272,10 @@ check_vol_slaves() {`
			`# will create ${initdir}/lib64, ${initdir}/lib64/file,`
			`# and a symlink ${initdir}/lib -> lib64.`
			`inst_dir() {`
			`- [[ -e ${initdir}"$1" ]] && return 0 # already there`
			`+ [[ -e ${initdir}/"$1" ]] && return 0 # already there`

			`local _dir="$1" _part="${1%/*}" _file`
			`- while [[ "$_part" != "${_part%/*}" ]] && ! [[ -e "${initdir}${_part}" ]]; do`
			`+ while [[ "$_part" != "${_part%/*}" ]] && ! [[ -e "${initdir}/${_part}" ]]; do`
			`_dir="$_part $_dir"`
			`_part=${_part%/*}`
			`done`
			`@@ -306,12 +306,13 @@ inst_dir() {`
			`# Location of the image dir is assumed to be $initdir`
			`# We never overwrite the target if it exists.`
			`inst_simple() {`
			`- [[ -f $1 ]] \|\| return 1`
			`+ [[ -f "$1" ]] \|\| return 1`
			`+ strstr "$1" "/" \|\| return 1`

			`local _src=$1 target="${2:-$1}"`
			`- if ! [[ -d ${initdir}$target ]]; then`
			`- [[ -e ${initdir}$target ]] && return 0`
			`- [[ -h ${initdir}$target ]] && return 0`
			`+ if ! [[ -d ${initdir}/$target ]]; then`
			`+ [[ -e ${initdir}/$target ]] && return 0`
			`+ [[ -h ${initdir}/$target ]] && return 0`
			`inst_dir "${target%/*}"`
			`fi`
			`# install checksum files also`
			`@@ -319,7 +320,7 @@ inst_simple() {`
			`inst "${_src%/}/.${_src##/}.hmac" "${target%/}/.${target##/}.hmac"`
			`fi`
			`ddebug "Installing $_src"`
			`- cp --sparse=always -pfL "$_src" "${initdir}$target"`
			`+ cp --sparse=always -pfL "$_src" "${initdir}/$target"`
			`}`

			`# find symlinks linked to given library file`
			`@@ -351,8 +352,9 @@ rev_lib_symlinks() {`
			`# It handles making symlinks according to how the original library`
			`# is referenced.`
			`inst_library() {`
			`- local _src=$1 _dest=${2:-$1} _lib _reallib _symlink`
			`- [[ -e $initdir$_dest ]] && return 0`
			`+ local _src="$1" _dest=${2:-$1} _lib _reallib _symlink`
			`+ strstr "$1" "/" \|\| return 1`
			`+ [[ -e $initdir/$_dest ]] && return 0`
			`if [[ -L $_src ]]; then`
			`# install checksum files also`
			`if [[ -e "${_src%/}/.${_src##/}.hmac" ]]; then`
			`@@ -361,14 +363,14 @@ inst_library() {`
			`_reallib=$(readlink -f "$_src")`
			`inst_simple "$_reallib" "$_reallib"`
			`inst_dir "${_dest%/*}"`
			`- ln -sfn $(convert_abs_rel "${_dest}" "${_reallib}") "${initdir}${_dest}"`
			`+ ln -sfn $(convert_abs_rel "${_dest}" "${_reallib}") "${initdir}/${_dest}"`
			`else`
			`inst_simple "$_src" "$_dest"`
			`fi`

			`# Create additional symlinks. See rev_symlinks description.`
			`for _symlink in $(rev_lib_symlinks $_src) $(rev_lib_symlinks $_reallib); do`
			`- [[ ! -e $initdir$_symlink ]] && {`
			`+ [[ ! -e $initdir/$_symlink ]] && {`
			`ddebug "Creating extra symlink: $_symlink"`
			`inst_symlink $_symlink`
			`}`
			`@@ -396,7 +398,7 @@ inst_binary() {`
			`_bin=$(find_binary "$1") \|\| return 1`
			`_target=${2:-$_bin}`
			`inst_symlink $_bin $_target && return 0`
			`- [[ -e $initdir$_target ]] && return 0`
			`+ [[ -e $initdir/$_target ]] && return 0`

			`# If the binary being installed is also a library, add it to the loop.`
			`_so_regex='([^ ]/lib[^/]/[^ ]\.so[^ ])'`
			`@@ -414,7 +416,7 @@ inst_binary() {`
			`fi`
			`[[ $_line =~ $_so_regex ]] \|\| continue`
			`_file=${BASH_REMATCH[1]}`
			`- [[ -e ${initdir}$_file ]] && continue`
			`+ [[ -e ${initdir}/$_file ]] && continue`

			`# See if we are loading an optimized version of a shared lib.`
			`if [[ $_file =~ $_lib_regex ]]; then`
			`@@ -439,19 +441,21 @@ inst_binary() {`
			`# same as above, except for shell scripts.`
			`# If your shell script does not start with shebang, it is not a shell script.`
			`inst_script() {`
			`- [[ -f $1 ]] \|\| return 1`
			`+ local _bin`
			`+ _bin=$(find_binary "$1") \|\| return 1`
			`local _line _shebang_regex`
			`- read -r -n 80 _line <"$1"`
			`+ read -r -n 80 _line <"$_bin"`
			`# If debug is set, clean unprintable chars to prevent messing up the term`
			`[[ $debug ]] && _line=$(echo -n "$_line" \| tr -c -d '[:print:][:space:]')`
			`_shebang_regex='(#! )(/[^ ]+).'`
			`[[ $_line =~ $_shebang_regex ]] \|\| return 1`
			`- inst "${BASH_REMATCH[2]}" && inst_simple "$@"`
			`+ inst "${BASH_REMATCH[2]}" && inst_binary "$@"`
			`}`

			`# same as above, but specialized for symlinks`
			`inst_symlink() {`
			`- local _src=$1 _target=$initdir${2:-$1} _realsrc`
			`+ local _src=$1 _target=$initdir/${2:-$1} _realsrc`
			`+ strstr "$1" "/" \|\| return 1`
			`[[ -L $1 ]] \|\| return 1`
			`[[ -L $_target ]] && return 0`
			`_realsrc=$(readlink -f "$_src")`