Re: [PATCH] git-quiltimport: fix security risk because of un-sanitized $level.

Pierre Habouzit <madcoder@xxxxxxxxxx> writes:

> Signed-off-by: Pierre Habouzit <madcoder@xxxxxxxxxx>
> ---
>
>   I assume that nobody will have a series with -p1000 in it :)
>   sorry for this gross mistake in the first place.
>
>   [ for the inattentive readers $level was used without quoting, for
>     good reasons as it's sometimes empty and then we don't want to pass
>     an empty argument to git-apply, though someone could use that to run
>     arbitrary commands, not nice ]

A traditional way to deal with that situation in shell scripts is to use
this idiom:

	${var_that_may_not_be_set+"$var_that_may_not_be_set"}

You can use :+ in place of + to also reject an empty string on modern
systems.

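#!/bin/sh
not_set=t ; unset not_set
is_set=t

# Print the number of arguments received, then each one on a numbered line.
report () {
	echo "I got $# args"
	i=1
	for it
	do
		echo "$i: $it"
		i=$(( $i+1 ))
	done
	echo
}

# not_set is unset, so the expansion contributes no argument at all.
report sending not_set ${not_set:+"$not_set"} string
# is_set is non-empty, so it is passed as exactly one argument.
report sending is_set ${is_set:+"$is_set"} string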

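The argument counts behind the idiom in this message, as an added example that is not part of the original post: it compares an unquoted expansion, a plainly quoted one, and the + and :+ forms. The helper names (count_args, pass_*) and the sample values of level are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Each helper passes an
# optional value between two fixed words and reports the argument count.

count_args () {
	echo "$#"
}

# Unquoted: the value is word-split, so one value can become several arguments.
pass_unquoted () {
	level=$1
	count_args apply $level patch
}

# Plain quotes: no splitting, but an empty value is passed as an empty argument.
pass_quoted () {
	level=$1
	count_args apply "$level" patch
}

# + form: no argument when unset, but still an empty argument when set-and-empty.
pass_plus () {
	level=$1
	count_args apply ${level+"$level"} patch
}

# :+ form: no argument when unset or empty, exactly one argument otherwise.
pass_colon_plus () {
	level=$1
	count_args apply ${level:+"$level"} patch
}

# Constructed sample values: empty, a normal option, a value containing a space.
for sample in "" "-p1" "-p1 --extra-word"
do
	echo "level='$sample':" \
		"unquoted=$(pass_unquoted "$sample")" \
		"quoted=$(pass_quoted "$sample")" \
		"plus=$(pass_plus "$sample")" \
		"colon_plus=$(pass_colon_plus "$sample")"
done
```

Only the :+ form gives two arguments for the empty value and three for both non-empty values, which is the behaviour wanted for an optional option.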