authorDave Reisner <dreisner@archlinux.org>2012-11-25 16:00:58 -0500
committerAllan McRae <allan@archlinux.org>2012-12-14 12:35:34 +1000
commit5a5e712c749edb8bca448f119769d8bbe381c348 (patch)
tree8c1e9886295615f7b96628b5dab1cd58a11af637 /scripts
parent8e736e1c9a4fb4ba375fe1f02be9e956f5f472d9 (diff)
downloadpacman-5a5e712c749edb8bca448f119769d8bbe381c348.tar.xz
pkgdelta: avoid use of eval and IFS manipulation
Instead of blindly consuming data from the .PKGINFO file, parse it more closely and only declare variables as needed. Should help to avoid nonsensical errors and possibly dangerous command execution as seen in FS#32852. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r--scripts/pkgdelta.sh.in28
1 files changed, 12 insertions, 16 deletions
diff --git a/scripts/pkgdelta.sh.in b/scripts/pkgdelta.sh.in
index 08835ac8..f9b40c96 100644
--- a/scripts/pkgdelta.sh.in
+++ b/scripts/pkgdelta.sh.in
@@ -72,23 +72,19 @@ isnumeric() {
[[ $1 != *[!0-9]* ]]
}
-read_pkginfo()
-{
- pkgname= pkgver= arch=
- local OLDIFS=$IFS
- # IFS (field separator) is only the newline character
- IFS="
-"
- local line var val
- for line in $(bsdtar -xOqf "$1" .PKGINFO 2>/dev/null |
- grep -v "^#" | sed 's|\(\w*\)\s*=\s*\(.*\)|\1="\2"|'); do
- eval "$line"
- if [[ -n $pkgname && -n $pkgver && -n $arch ]]; then
- IFS=$OLDIFS
- return 0
- fi
+read_pkginfo() {
+ while IFS='=' read -r field value; do
+ # skip comments and invalid lines
+ [[ $field = '#'* || -z $value ]] && continue
+
+ # skip lines which aren't fields we care about
+ [[ $field != @(pkgver|pkgname|arch) ]] || continue
+
+ declare "$field=$value"
+
+ [[ $pkgname && $pkgver && $arch ]] && return 0
done
- IFS=$OLDIFS
+
error "$(gettext "Invalid package file '%s'.")" "$1"
return 1
}
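Review bot: The rewritten loop has no input source: the `bsdtar -xOqf "$1" .PKGINFO` extraction removed with the old for-loop is not reintroduced on the new side, and the closing `done` is unchanged context, so as far as this hunk shows `read` consumes the caller's stdin instead of the package named by `$1`; `done < <(bsdtar -xOqf "$1" .PKGINFO 2>/dev/null)` restores that. `declare "$field=$value"` inside a function creates function-local variables, so pkgname/pkgver/arch would no longer be visible to the caller the way the old global assignments were; `declare -g "$field=$value"` (bash 4.2+) keeps them global if that bash version is acceptable, otherwise assign them through a `case` on the whitelisted field name. `IFS='='` also does not strip the blanks around `=` that the removed sed pattern `\s*=\s*` tolerated, so a `pkgname = foo` line yields the field `pkgname ` (trailing space), fails the extglob and the package is reported invalid; `while IFS=' =' read -r field value; do` accepts both spellings. The old reset `pkgname= pkgver= arch=` is gone too, so if read_pkginfo is called more than once per run, values left by an earlier call could satisfy the early-return check before this file has been parsed.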