From be3c71fa81e6d35a1fae0612a8b7b4b613d7d2f6 Mon Sep 17 00:00:00 2001
From: Dave Reisner
Date: Tue, 30 Jul 2013 15:24:48 -0400
Subject: avoid injecting code into the format string

Now that die() properly forwards arguments to error(), we can expect that the first arg is a format string and not the entirety of the output.

Signed-off-by: Dave Reisner
Signed-off-by: Pierre Schmitz
---
 commitpkg.in | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'commitpkg.in')
diff --git a/commitpkg.in b/commitpkg.in
index db78517..ad1005b 100644
--- a/commitpkg.in
+++ b/commitpkg.in
@@ -58,7 +58,7 @@ esac
 # check if all local source files are under version control
 for s in "${source[@]}"; do
 if [[ $s != *://* ]] && ! svn status -v "$s@" | grep -q '^[ AMRX~]'; then
- die "$s is not under version control"
+ die "%s is not under version control" "$s"
 fi
 done
@@ -68,7 +68,7 @@ for i in 'changelog' 'install'; do
 # evaluate any bash variables used
 eval file=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<< "$file")\"
 if ! svn status -v "${file}" | grep -q '^[ AMRX~]'; then
- die "${file} is not under version control"
+ die "%s is not under version control" "$file"
 fi
 done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
 done
@@ -81,8 +81,8 @@ while getopts ':l:a:s:f' flag; do
 s) server=$OPTARG ;;
 l) rsyncopts+=("--bwlimit=$OPTARG") ;;
 a) commit_arch=$OPTARG ;;
- :) die "Option requires an argument -- '$OPTARG'" ;;
- \?) die "Invalid option -- '$OPTARG'" ;;
+ :) die "Option requires an argument -- '%s'" "$OPTARG" ;;
+ \?) die "Invalid option -- '%s'" "$OPTARG" ;;
 esac
 done
 shift $(( OPTIND - 1 ))
@@ -164,7 +164,7 @@ for _arch in ${arch[@]}; do
 gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
 fi
 if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
- die "Signature ${pkgfile}.sig is incorrect!"
+ die "Signature %s.sig is incorrect!" "$pkgfile"
 fi
 uploads+=("$sigfile")
 done
--
cgit v1.2.3-54-g00ecf
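Review bot: In the changelog/install hunk (`@@ -68,7 +68,7 @@`), the `eval file=\"$(sed …)\"` line above the patched `die` still expands whatever the PKGBUILD puts in `changelog=` or `install=`, so a command substitution in that value runs during this check; the format-string fix does not cover that path. This is presumably no worse than sourcing the PKGBUILD, which the script appears to do given the `source` and `arch` arrays, but it deserves a comment such as `# eval expands PKGBUILD-controlled text; only run on a trusted PKGBUILD`. Also, `svn status -v "${file}"` lacks the trailing `@` that the source loop uses (`"$s@"`), so a file name containing `@` would be read as a peg revision; `svn status -v "${file}@"` would make the two checks agree. The enclosing `for` and `while` loops start outside the hunk.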
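Review bot: In the signature hunk (`@@ -164,7 +164,7 @@`), `gpg --verify "$sigfile"` only establishes that the signature validates against some key in the local keyring; it does not tie the signature to the packager's own key. The `fi` after `gpg --detach-sign` shows that signing is conditional (the condition is outside the hunk), so a pre-existing `.sig` made by a different key could pass this check and be added to `uploads`. Consider running the verify with `--status-fd` and comparing the `VALIDSIG` fingerprint with the expected signing key. Separately, the message rebuilds the name from `$pkgfile` although the check ran on `$sigfile`; `die "Signature %s is incorrect!" "$sigfile"` would name the file that was actually verified.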