author | Denys Vlasenko <dvlasenk@redhat.com> | 2019-11-21 15:51:47 +0100 |
---|---|---|
committer | Thierry Vignaud <thierry.vignaud@gmail.com> | 2019-12-23 16:02:47 +0100 |
commit | 8ecaeab1b79c20f83eda540e39f31e6a73018d7f (patch) | |
tree | d0be71a0a008f4aad7819822fc5f58292b0ec4e6 /NEWS | |
parent | 7944a0608672698b96767550fa265fde01f29bf0 (diff) | |

brp-mangle-shebangs: fix unsafe/incorrect command expansion

    trim() {
        printf '%s' "$*"
    }
    ...
    read shebang_line < "$f" || :
    orig_shebang=$(trim $(echo "$shebang_line" | grep -Po "#!\K.*" || echo))

The "trimming", i.e. replacement of multiple spaces and removal of leading
and trailing spaces, is achieved because "trim $(cmd)" construct has an
unquoted $(), which is subject to word splitting.

This works, yes. BUT.

It is also subject to glob expansion - any ?s and *s will be attempted
to be expanded as well - definitely NOT what we want!

This change replaces this trick with code which avoids the expansion issue,
and which does not spawn any subprocesses for string manipulations -
this is ~3 times faster (fork+execs are expensive).

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>

Diffstat (limited to 'NEWS')
0 files changed, 0 insertions, 0 deletions
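
Added example, not part of this commit or of the rpm-setup code: it reproduces the glob expansion the commit message describes and compares it with one way to trim without it. `trim_safe`, `mangle_in_scratch_dir`, the sample shebang line and the file names are assumptions made for the illustration; the default `IFS` is assumed.

```shell
#!/bin/sh
# Constructed sample: a shebang line with runs of spaces and glob characters.
SAMPLE='#!/usr/bin/env   foo*  -x ?  '

# Old idiom quoted in the commit message: callers write trim_unsafe $(cmd),
# so the shell word-splits AND glob-expands the output before the call.
trim_unsafe() {
    printf '%s' "$*"
}

# Hypothetical replacement (an assumption, not the code from this commit):
# split on whitespace with pathname expansion switched off, no subprocess.
trim_safe() {
    case $- in
        *f*) set -- $1 ;;                  # noglob already on
        *)   set -f; set -- $1; set +f ;;  # split only, never glob
    esac
    printf '%s' "$*"
}

# Run one variant inside a scratch directory holding files that match the
# glob characters in SAMPLE (constructed names: foobar, a).
mangle_in_scratch_dir() {
    (
        dir=$(mktemp -d) && cd "$dir" || exit 1
        : > foobar
        : > a
        body=${SAMPLE#\#!}                 # drop the leading "#!"
        if [ "$1" = unsafe ]; then
            # Unquoted $() on purpose: this is the construct being fixed.
            out=$(trim_unsafe $(printf '%s' "$body"))
        else
            out=$(trim_safe "$body")
        fi
        cd / && rm -rf "$dir"
        printf '%s' "$out"
    )
}

printf 'unsafe: [%s]\n' "$(mangle_in_scratch_dir unsafe)"
printf 'safe:   [%s]\n' "$(mangle_in_scratch_dir safe)"
```

With the unsafe variant the rewritten shebang depends on whatever files sit in the build's working directory, so a check for this class of bug is to run the script from a directory containing names that match `*` and `?` patterns.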