]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49a4d7d)
goinstall: protect against malicious filenames.
authorRoger Peppe <rogpeppe@gmail.com>
Wed, 2 Mar 2011 20:04:08 +0000 (15:04 -0500)
committerRuss Cox <rsc@golang.org>
Wed, 2 Mar 2011 20:04:08 +0000 (15:04 -0500)
It was possible to make package run arbitrary
commands when installing if its filenames contained
make metacharacters.

R=rsc, niemeyer
CC=golang-dev
https://golang.org/cl/4248041

src/cmd/goinstall/make.go patch | blob | history

diff --git a/src/cmd/goinstall/make.go b/src/cmd/goinstall/make.go
index 8d4d6c5d28b3e8d4a579b647957f0fc1b4238961..e2d99bb47796ae2e138c31771443c4adb697cce6 100644 (file)
--- a/src/cmd/goinstall/make.go
+++ b/src/cmd/goinstall/make.go
@@ -44,6 +44,9 @@ func domake(dir, pkg string, local bool) (err os.Error) {
 // installing as package pkg.  It includes all *.go files in the directory
 // except those in package main and those ending in _test.go.
 func makeMakefile(dir, pkg string) ([]byte, os.Error) {
+       if !safeName(pkg) {
+               return nil, os.ErrorString("unsafe name: " + pkg)
+       }
        dirInfo, err := scanDir(dir, false)
        if err != nil {
                return nil, err
@@ -58,16 +61,25 @@ func makeMakefile(dir, pkg string) ([]byte, os.Error) {
        cgoFiles := dirInfo.cgoFiles
        isCgo := make(map[string]bool, len(cgoFiles))
        for _, file := range cgoFiles {
+               if !safeName(file) {
+                       return nil, os.ErrorString("bad name: " + file)
+               }
                isCgo[file] = true
        }
 
        oFiles := make([]string, 0, len(dirInfo.cFiles))
        for _, file := range dirInfo.cFiles {
+               if !safeName(file) {
+                       return nil, os.ErrorString("unsafe name: " + file)
+               }
                oFiles = append(oFiles, file[:len(file)-2]+".o")
        }
 
        goFiles := make([]string, 0, len(dirInfo.goFiles))
        for _, file := range dirInfo.goFiles {
+               if !safeName(file) {
+                       return nil, os.ErrorString("unsafe name: " + file)
+               }
                if !isCgo[file] {
                        goFiles = append(goFiles, file)
                }
@@ -81,6 +93,17 @@ func makeMakefile(dir, pkg string) ([]byte, os.Error) {
        return buf.Bytes(), nil
 }
 
+var safeBytes = []byte("+-./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz")
+
+func safeName(s string) bool {
+       for i := 0; i < len(s); i++ {
+               if c := s[i]; c < 0x80 && bytes.IndexByte(safeBytes, c) < 0 {
+                       return false
+               }
+       }
+       return true
+}
+
 // makedata is the data type for the makefileTemplate.
 type makedata struct {
        Pkg      string   // package import path
Go GOST TLS 1.3