Re: [PATCH] rteval: restrict kernel source download with invalid file extensions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Wed, 3 Aug 2022, Manasi Godse wrote:

> If the user inputs an extension other than tar.xz or tar.gz to the -S or --source-download option, the
> program should exit.
> 
> Signed-off-by: Manasi Godse <magodse@xxxxxxxxxx>
> ---
>  rteval-cmd | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/rteval-cmd b/rteval-cmd
> index c1a68bd5133b..e4a6bcb223da 100755
> --- a/rteval-cmd
> +++ b/rteval-cmd
> @@ -275,6 +275,10 @@ if __name__ == '__main__':
>                  major_version = re.search(r"\d{1,2}", kernel_prefix).group(0)
>                  url = "https://kernel.org/pub/linux/kernel/v"; + major_version + ".x/"
>  
> +            file_ext = rtevcfg.srcdownload.split(kernel_prefix)[-1]
> +
> +            if file_ext and file_ext not in ('.tar.xz', '.tar.gz'):
> +                sys.exit("Invalid file extension for the kernel source. Exiting")
>  
>              if rtevcfg.srcdownload.endswith(".gz") or 'rc' in rtevcfg.srcdownload:
>                  rtevcfg.srcdownload = "linux-" + kernel_prefix + ".tar.gz"
> -- 
> 2.31.1
> 
> 
Signed-off-by: John Kacur <jkacur@xxxxxxxxxx>
[Index of Archives]     [RT Stable]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux