d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

portsnap: use lam on the known good hash list

Browse Source 
This change is equivalent to the approach committed in r306417, but if
sed has a bug it could be exploited by the untrusted tar file. Instead,
generate the expected tar content and compare that with find's output.

convert the expected hash list to the expected tar content filesystem
layout, and compare that with find's output.

Submitted by:	cperciva (in review D8052)
Reviewed by:	oshogbo
MFC after:	2 weeks
This commit is contained in:
emaste 2016-10-07 20:01:59 +00:00
parent c2587c68b5
commit 909bb20a50
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
usr.sbin/portsnap/portsnap/portsnap.sh
View File

@ -691,8 +691,9 @@ fetch_snapshot() {
fetch_index_sanity || return 1
# Verify the snapshot contents
cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u |
lam -s 'snap/' - -s '.gz' > files.expected
find snap -mindepth 1 | sort > files.snap
if ! cmp -s files.expected files.snap; then
echo "unexpected files in snapshot."
return 1