* [PATCH] configure: fix out of tree build; check unsafe characters in srcdir
@ 2019-08-26 16:49 Tomi Ollila
0 siblings, 0 replies; only message in thread
From: Tomi Ollila @ 2019-08-26 16:49 UTC (permalink / raw)
To: notmuch; +Cc: tomi.ollila
While check for GMime session key extraction support... was made
out of tree build compatible, related (and some unrelated) unsafe
characters are now checked in notmuch source directory path.
The known unsafe characters in NOTMUCH_SRCDIR are:
- Single quote (') -- NOTMUCH_SRCDIR='${NOTMUCH_SRCDIR}'
is written to sh.config in configure line 1328.
- Double quote (") -- configure line 521 *now* writes "$srcdir"
into generated c source file ($NOTMUCH_SRCDIR includes $srcdir).
- The added $ and ` and \ are potentially unsafe -- inside double
quotes in shell script those have special meaning. Other characters
(except ", of course) don't expand inside double quoted strings.
---
configure | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 1e7b9f7a..d757ae82 100755
--- a/configure
+++ b/configure
@@ -26,6 +26,11 @@ readonly DEFAULT_IFS="$IFS"
srcdir=$(dirname "$0")
NOTMUCH_SRCDIR=$(cd "$srcdir" && pwd)
+case $NOTMUCH_SRCDIR in ( *\'* | *['"`$']* )
+ echo "Definitely unsafe characters in source path '$NOTMUCH_SRCDIR'".
+ exit 1
+esac
+
subdirs="util compat lib parse-time-string completion doc emacs"
subdirs="${subdirs} performance-test test test/test-databases"
subdirs="${subdirs} bindings"
@@ -513,7 +518,7 @@ int main () {
g_mime_init ();
parser = g_mime_parser_new ();
- g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("test/corpora/crypto/basic-encrypted.eml", "r", &error));
+ g_mime_parser_init_with_stream (parser, g_mime_stream_file_open("$srcdir/test/corpora/crypto/basic-encrypted.eml", "r", &error));
if (error) return !! fprintf (stderr, "failed to instantiate parser with test/corpora/crypto/basic-encrypted.eml\n");
body = GMIME_MULTIPART_ENCRYPTED(g_mime_message_get_mime_part (g_mime_parser_construct_message (parser, NULL)));
@@ -533,7 +538,7 @@ EOF
printf 'No.\nCould not make tempdir for testing session-key support.\n'
errors=$((errors + 1))
elif ${CC} ${CFLAGS} ${gmime_cflags} _check_session_keys.c ${gmime_ldflags} -o _check_session_keys \
- && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < test/gnupg-secret-key.asc \
+ && GNUPGHOME=${TEMP_GPG} gpg --batch --quiet --import < "$srcdir"/test/gnupg-secret-key.asc \
&& SESSION_KEY=$(GNUPGHOME=${TEMP_GPG} ./_check_session_keys) \
&& [ $SESSION_KEY = 9:0BACD64099D1468AB07C796F0C0AC4851948A658A15B34E803865E9FC635F2F5 ]
then
--
2.21.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-08-26 16:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-26 16:49 [PATCH] configure: fix out of tree build; check unsafe characters in srcdir Tomi Ollila
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).