Module Name: src Committed By: riastradh Date: Sat Sep 2 17:41:43 UTC 2023
Modified Files: src/tests/usr.sbin/certctl: t_certctl.sh src/usr.sbin/certctl: certctl.sh Log Message: certctl(8): Fix some bugs with evil pathnames. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/tests/usr.sbin/certctl/t_certctl.sh cvs rdiff -u -r1.3 -r1.4 src/usr.sbin/certctl/certctl.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/tests/usr.sbin/certctl/t_certctl.sh diff -u src/tests/usr.sbin/certctl/t_certctl.sh:1.6 src/tests/usr.sbin/certctl/t_certctl.sh:1.7 --- src/tests/usr.sbin/certctl/t_certctl.sh:1.6 Sat Sep 2 17:41:33 2023 +++ src/tests/usr.sbin/certctl/t_certctl.sh Sat Sep 2 17:41:43 2023 @@ -1,6 +1,6 @@ #!/bin/sh -# $NetBSD: t_certctl.sh,v 1.6 2023/09/02 17:41:33 riastradh Exp $ +# $NetBSD: t_certctl.sh,v 1.7 2023/09/02 17:41:43 riastradh Exp $ # # Copyright (c) 2023 The NetBSD Foundation, Inc. # All rights reserved. @@ -319,8 +319,6 @@ evilcertsdir_body() setupconf certs1 - atf_expect_fail "mistakes were made with evil pathnames" - # initial (re)hash, nonexistent certs directory atf_check -s exit:0 $CERTCTL rehash atf_check -s exit:0 certctl -C certs.conf \ Index: src/usr.sbin/certctl/certctl.sh diff -u src/usr.sbin/certctl/certctl.sh:1.3 src/usr.sbin/certctl/certctl.sh:1.4 --- src/usr.sbin/certctl/certctl.sh:1.3 Mon Aug 28 22:25:50 2023 +++ src/usr.sbin/certctl/certctl.sh Sat Sep 2 17:41:43 2023 @@ -1,6 +1,6 @@ #!/bin/sh -# $NetBSD: certctl.sh,v 1.3 2023/08/28 22:25:50 riastradh Exp $ +# $NetBSD: certctl.sh,v 1.4 2023/09/02 17:41:43 riastradh Exp $ # # Copyright (c) 2023 The NetBSD Foundation, Inc. # All rights reserved. @@ -432,7 +432,7 @@ rehash() if [ -f "$certsdir/.certctl" ]; then # Directory exists and is managed by certctl(8). # Safe to delete it and everything in it. - run rm -rf "$certsdir" + run rm -rf -- "$certsdir" elif [ -h "$certsdir" ]; then # Paranoia: refuse to chase a symlink. (Caveat: this # is not secure against an adversary who can recreate 
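Review bot: In the rehash() hunk at line 432, the `[ -f "$certsdir/.certctl" ]` test runs before the `[ -h "$certsdir" ]` refusal, so a `$certsdir` that is a symlink to a directory containing `.certctl` takes the `rm -rf -- "$certsdir"` branch instead of being rejected. The `--` added here only stops option parsing for a name beginning with `-`; it does not change that ordering. If the symlink refusal is meant to cover managed directories too, the first condition could become `[ ! -h "$certsdir" ] && [ -f "$certsdir/.certctl" ]`; otherwise a comment such as `# A symlink whose target is tagged .certctl is replaced, not refused.` would record the intent. rehash() starts and ends outside this hunk, so an earlier check may already cover this case.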
@@ -445,15 +445,15 @@ rehash() elif [ ! -d "$certsdir" ]; then error "certificates directory is not a directory" return 1 - elif ! find "$certsdir" -maxdepth 0 -type d -empty -exit 1; then + elif ! find -f "$certsdir" -- -maxdepth 0 -type d -empty -exit 1; then # certsdir exists, is a directory, and is empty. Safe # to delete it with rmdir and take it over. - run rmdir "$certsdir" + run rmdir -- "$certsdir" else error "existing certificates; set manual or move them" return 1 fi - run mkdir "$certsdir" + run mkdir -- "$certsdir" if $vflag; then printf '# initialize %s\n' "$certsdir" fi
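Review bot: The condition `! find -f "$certsdir" -- -maxdepth 0 -type d -empty -exit 1` treats any non-zero status from find as "directory is empty", and find can also exit non-zero on an error, not only on the `-exit 1` match. The damage is limited because `rmdir --` refuses a non-empty directory, but whether a failed `run rmdir` or `run mkdir` stops rehash() depends on `run` and on shell options, both outside this hunk. A comment above the condition would make this explicit, for example `# find exits 1 on a match (-exit 1) but also non-zero on error; rmdir below is the real guard.` Since `-f PATH --` is a BSD find form, a second comment such as `# -f/-- keep a certsdir starting with '-' from being parsed as a find expression.` would stop a later cleanup from reverting it.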