e737ef9 Fix host component handling in file:// URLs — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

Fix host component handling in file:// URLs

Keve committed 1 year ago

commit e737ef9fc933edd3e7cca0234ecf227bd6dab4c4
parent 61f0a39

2 files changed +55 -8

modified libpkg/fetch_file.c

@@ -54,14 +54,25 @@ file_open(struct pkg_repo *repo, struct fetch_item *fi)

 		return (EPKG_FATAL);
 	}
 	u+=2;
 	/* if we don't have a '/' it means we have a host we should ignore */
 	/* if we don't have a '/' it means we have a host FQDN component, otherwise just proceed */
 	/* we can fetch local files only, so we accept the localhost FQDN */
 	/* TODO: consider accepting gethostname/getdomainname and combinations of these. */
 	/* TODO: delegate to curl to fetch any URL, btw. curl bails on this as well. */
 	if (*u != '/') {
 		u = strchr(u+1, '/');
 		if (u == NULL) {
 			pkg_emit_error("Invalid url: %s'\n', "
 					"file://<absolutepath> expected", fi->url);
 		char fqdn[256]="";
 		char *path = strchr(u+1, '/');
 		if (path == NULL) {
 			pkg_emit_error("Invalid url: '%s',\n"
 					"file:///<path> or file://localhost/<path> expected.", fi->url);
 			return (EPKG_FATAL);
 		}
 		strncat(fqdn, u, MIN(255, path-u));
 		if (0 != strncmp("localhost", fqdn, sizeof(fqdn))) {
 			pkg_emit_error("Invalid url: '%s'\n"
 					"file:///<path> or file://localhost/<path> expected.", fi->url);
 			return (EPKG_FATAL);
 			}
 		u = path;
 	}
 	if (stat(u, &st) == -1) {
 		if (!repo->silent)

modified tests/frontend/update.sh

@@ -18,7 +18,7 @@ EOF

 	atf_check \
 		-o match:"Unable to update repository test" \
 		-e match:"pkg: file://empty//packagesite.pkg: No such file or directory" \
 		-e match:"Invalid url: 'file://empty//meta.conf'" \
 		-s exit:1 \
 		pkg -R repos update
 }

@@ -28,6 +28,10 @@ file_url_body() {

 	touch meta.conf
 	here=$(pwd)
 #
 # test file:/empty/, which is invalid
 #
 	cat > repos/test.conf << EOF
 test: {
   url: "file:/empty/",

@@ -40,6 +44,9 @@ EOF

 		-s exit:1 \
 		pkg -R repos update
 #
 # test file://here, which is invalid
 #
 	cat > repos/test.conf << EOF
 test: {
   url: "file://here",

@@ -47,11 +54,14 @@ test: {

 EOF
 	atf_check \
 		-o match:"Unable to update repository test" \
 		-e match:"meta.*No such file or directory" \
 		-e match:"Invalid url: 'file://here/meta.conf'" \
 		-s exit:1 \
 		pkg -R repos update
 #
 # test file://here//path, which is invalid
 #
 	cat > repos/test.conf << EOF
 test: {
   url: "file://here/${here}",

@@ -63,6 +73,9 @@ EOF

 		-s exit:1 \
 		pkg -R repos update
 #
 # test file:////path, which is valid
 #
 	cat > repos/test.conf << EOF
 test: {
   url: "file:///${here}",

@@ -75,6 +88,9 @@ EOF

 		-s exit:1 \
 		pkg -R repos update
 #
 # test file:///path, which is valid
 #
 	cat > repos/test.conf << EOF
 test: {
   url: "file://${here}",

@@ -87,6 +103,9 @@ EOF

 		-s exit:1 \
 		pkg -R repos update
 #
 # test file://path, which is invalid
 #
 	cat > repos/test.conf << EOF
 test: {
   url: "file:/${here}",

@@ -95,7 +114,24 @@ EOF

 	atf_check \
 		-o match:"Unable to update repository test" \
 		-e match:"meta.*No such file or directory" \
 		-e match:"Invalid url: 'file:/${here}/meta.conf'" \
 		-s exit:1 \
 		pkg -R repos update
 #
 # test file://localhost/path, which is a valid
 #
 	cat > repos/test.conf << EOF
 test: {
   url: "file://localhost${here}",
 }
 EOF
 	atf_check \
 		-o match:"Unable to update repository test" \
 		-e not-match:"meta.*No such file or directory" \
 		-s exit:1 \
 		pkg -R repos update
 }