[PATCH] rteval: restrict kernel source download with invalid file extensions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

If the user inputs an extension other than tar.xz or tar.gz to the -S or --source-download option, the
program should exit.

Signed-off-by: Manasi Godse <magodse@xxxxxxxxxx>
---
 rteval-cmd | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/rteval-cmd b/rteval-cmd
index c1a68bd5133b..e4a6bcb223da 100755
--- a/rteval-cmd
+++ b/rteval-cmd
@@ -275,6 +275,10 @@ if __name__ == '__main__':
                 major_version = re.search(r"\d{1,2}", kernel_prefix).group(0)
                 url = "https://kernel.org/pub/linux/kernel/v"; + major_version + ".x/"
 
+            file_ext = rtevcfg.srcdownload.split(kernel_prefix)[-1]
+
+            if file_ext and file_ext not in ('.tar.xz', '.tar.gz'):
+                sys.exit("Invalid file extension for the kernel source. Exiting")
 
             if rtevcfg.srcdownload.endswith(".gz") or 'rc' in rtevcfg.srcdownload:
                 rtevcfg.srcdownload = "linux-" + kernel_prefix + ".tar.gz"
-- 
2.31.1
[Index of Archives]     [RT Stable]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux