aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-core/swupd-client/swupd-client/0001-staging.c-Protect-tar-command-against-special-charac.patch
blob: 99c4de088e368e016607dcd3a18708a0c0c6ca3c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
From d54cf4dcbd668289deb0a2ef303b6c8c5a95561d Mon Sep 17 00:00:00 2001
From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Date: Mon, 18 Apr 2016 11:43:03 +0300
Subject: [PATCH] staging.c: Protect tar command against special characters

It may happen that a bundle contains a directory named '#' and
other files under this directory, thus not only target files
need to be escaped in tar commands, but also target directories
where the files get installed.

Also a target file may have a name with '@' as its first symbol.
Since the symbol has a special meaning in case of bsdtar the
name needs to escaped in tar commands with the prefix './'.

Upstream-Status: Submitted [https://github.com/clearlinux/swupd-client/pull/43]

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
---
 src/staging.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/staging.c b/src/staging.c
index deae1c2..09945b6 100644
--- a/src/staging.c
+++ b/src/staging.c
@@ -148,8 +148,8 @@ int do_staging(struct file *file, struct manifest *MoM)
 			ret = -errno;
 			goto out;
 		}
-		string_or_die(&tarcommand, TAR_COMMAND " -C %s " TAR_PERM_ATTR_ARGS " -cf - '%s' 2> /dev/null | "
-			      TAR_COMMAND " -C %s%s " TAR_PERM_ATTR_ARGS " -xf - 2> /dev/null",
+		string_or_die(&tarcommand, TAR_COMMAND " -C '%s' " TAR_PERM_ATTR_ARGS " -cf - './%s' 2> /dev/null | "
+			      TAR_COMMAND " -C '%s%s' " TAR_PERM_ATTR_ARGS " -xf - 2> /dev/null",
 			      rename_tmpdir, base, path_prefix, rel_dir);
 		ret = system(tarcommand);
 		if (WIFEXITED(ret)) {
@@ -186,8 +186,8 @@ int do_staging(struct file *file, struct manifest *MoM)
 				ret = -errno;
 				goto out;
 			}
-			string_or_die(&tarcommand, TAR_COMMAND " -C %s/staged " TAR_PERM_ATTR_ARGS " -cf - '.update.%s' 2> /dev/null | "
-				      TAR_COMMAND " -C %s%s " TAR_PERM_ATTR_ARGS " -xf - 2> /dev/null",
+			string_or_die(&tarcommand, TAR_COMMAND " -C '%s/staged' " TAR_PERM_ATTR_ARGS " -cf - '.update.%s' 2> /dev/null | "
+				      TAR_COMMAND " -C '%s%s' " TAR_PERM_ATTR_ARGS " -xf - 2> /dev/null",
 				      STATE_DIR, base, path_prefix, rel_dir);
 			ret = system(tarcommand);
 			if (WIFEXITED(ret)) {