commit: a722142b8676a46c432e77133ec97d802edd1845
Author: Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Sat Jun 7 11:55:12 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 7 22:54:12 2025 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=a722142b
ecompress: safely split the PORTAGE_COMPRESS{,FLAGS} variables
Presently, the guess_suffix() function attempts to execute a simple
command through the unquoted expansion of both the 'PORTAGE_COMPRESS'
and 'PORTAGE_COMPRESS_FLAGS' variables. This renders it sensitive to the
prevailing value of IFS, and runs the risk of performing pathname
expansion on the resulting words.
Address the issue by using read to safely separate the collected words
into an array, and by expanding the array as a simple command.
Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>
bin/ecompress | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/bin/ecompress b/bin/ecompress
index 2b7bca1629..107bf36d42 100755
--- a/bin/ecompress
+++ b/bin/ecompress
@@ -102,7 +102,8 @@ do_queue() {
}
guess_suffix() {
- local f i suffix tmpdir
+ local IFS f i suffix tmpdir
+ local -a cmd
trap 'rm -rf -- "${tmpdir}"' RETURN
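Review bot: `local IFS` on the new declaration line gives default whitespace splitting only because bash creates the local in an unset state, and nothing in the hunk says that this is what the `read -a` in the next hunk depends on. With `shopt -s localvar_inherit` in effect (bash 5.0 and later) the local would instead inherit the caller's IFS, which is the sensitivity the commit sets out to remove. Either assign it explicitly, `local IFS=$' \t\n' f i suffix tmpdir`, or add a comment such as `# IFS is local and left unset so that read splits on default whitespace`. guess_suffix continues beyond this hunk.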
@@ -118,7 +119,8 @@ guess_suffix() {
printf '%s ' "${i}" || ! break
done > compressme || return
- ${PORTAGE_COMPRESS} ${PORTAGE_COMPRESS_FLAGS} compressme > /dev/null ||
return
+ read -rd '' -a cmd <<<"${PORTAGE_COMPRESS} ${PORTAGE_COMPRESS_FLAGS}"
+ "${cmd[@]}" compressme > /dev/null || return
# If PORTAGE_COMPRESS_FLAGS contains -k then we need to avoid
# having our glob match the uncompressed file here.
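Review bot: Nothing checks that `cmd` holds at least one word before `"${cmd[@]}" compressme` runs, and the status of `read -rd ''` cannot be used for that, because the here-string contains no NUL delimiter and read therefore returns non-zero at end of input every time. If PORTAGE_COMPRESS expands to nothing (the hunk does not show whether the script rejects that earlier), the word that gets executed is the first flag or `compressme` itself, looked up through PATH. A guard such as `(( ${#cmd[@]} )) || return 1` directly after the read would make that case fail on purpose. A comment like `# read returns non-zero at EOF; its status is deliberately ignored` would also keep a later `|| return` from being added to the read. guess_suffix starts in the previous hunk and continues past this one.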