diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2016-12-21 01:48:51 -0500 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2016-12-21 01:48:51 -0500 |
| commit | 4c25d0d5394116dfa3abc4d074d20abf7aec98f6 (patch) | |
| tree | f5d9d902b1cb304a5146a817f75cf436b74a380a | |
| parent | main: rework path handling to avoid unsafe strncat (diff) | |
| download | portage-utils-4c25d0d5394116dfa3abc4d074d20abf7aec98f6.tar.gz portage-utils-4c25d0d5394116dfa3abc4d074d20abf7aec98f6.tar.bz2 portage-utils-4c25d0d5394116dfa3abc4d074d20abf7aec98f6.zip | |
qxpak: add some error checking to subdir processing
| -rw-r--r-- | qxpak.c | 11 | ||||
| -rwxr-xr-x | tests/qxpak/dotest | 8 |
2 files changed, 17 insertions, 2 deletions
@@ -339,8 +339,15 @@ xpak_create(int dir_fd, const char *file, int argc, char **argv) if ((numfiles = scandir(argv[i], &dir, filter_hidden, alphasort)) < 0) warn("Directory '%s' is empty; skipping", argv[i]); for (fidx = 0; fidx < numfiles; ++fidx) { - snprintf(path, sizeof(path), "%s/%s", argv[i], dir[fidx]->d_name); - stat(path, &st); + int ret = snprintf(path, sizeof(path), "%s/%s", argv[i], dir[fidx]->d_name); + if (ret >= sizeof(path)) { + warn("skipping path too long: %s/%s", argv[i], dir[fidx]->d_name); + continue; + } + if (stat(path, &st) < 0) { + warnp("could not read %s", path); + continue; + } _xpak_add_file(dir_fd, path, &st, findex, &index_len, fdata, &data_len); } scandir_free(dir, numfiles); diff --git a/tests/qxpak/dotest b/tests/qxpak/dotest index 6c4c78a..69bdd08 100755 --- a/tests/qxpak/dotest +++ b/tests/qxpak/dotest @@ -10,6 +10,8 @@ files="a b c d e f" for l in ${files} ; do echo $l > $l done +mkdir subdir +cp ${files} subdir ################ qxpak -c xpak ${files} @@ -55,6 +57,12 @@ qxpak -l -v xpak > list diff -u list ${as}/list02.good tpass "check creation with clobbered output and file order" +################ +qxpak -c xpak subdir +qxpak -l -v xpak | sort > list +diff -u list ${as}/list01.good +tpass "check creation with subdir" + cleantmpdir end |