diff options
| author | Eli Schwartz <eschwartz@archlinux.org> | 2019-04-28 04:54:17 +0200 |
|---|---|---|
| committer | Allan McRae <allan@archlinux.org> | 2019-05-08 04:45:26 +0200 |
| commit | b93dfa935f900d884f14d5be8949dc0ae85f1692 (patch) | |
| tree | 6943b1414231c5ee5df6c41490d9d44d0346634f /scripts/libmakepkg/source | |
| parent | a0f4429e95240b8a275ab6c43c4b8d0b11cfcd5d (diff) | |
| download | pacman-b93dfa935f900d884f14d5be8949dc0ae85f1692.tar.gz pacman-b93dfa935f900d884f14d5be8949dc0ae85f1692.tar.xz | |
scripts: protect against unintended glob matching in [[ ]] RHS
The right-hand side of the [[ ... = ... ]] keyword is an exception to
the general rule that quoting is unnecessary with [[
This is usually not a problem, e.g. in libmakepkg, lint_one_pkgname will
already fail if pkgname has an asterisk, but it certainly doesn't hurt
to be "more proper" and go with the spec; it is more dangerous in
repo-add, which can get caught in an infinite loop instead of safely
asserting there is no package named 'foo*'.
Reported-by: Rafael Ascensão <rafa.almas@gmail.com>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'scripts/libmakepkg/source')
| -rw-r--r-- | scripts/libmakepkg/source/git.sh.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/libmakepkg/source/git.sh.in b/scripts/libmakepkg/source/git.sh.in index 96d79623..ccf4642b 100644 --- a/scripts/libmakepkg/source/git.sh.in +++ b/scripts/libmakepkg/source/git.sh.in @@ -117,7 +117,7 @@ extract_git() { if [[ ${fragment%%=*} = tag ]]; then tagname="$(git tag -l --format='%(tag)' "$ref")" - if [[ -n $tagname && $tagname != $ref ]]; then + if [[ -n $tagname && $tagname != "$ref" ]]; then error "$(gettext "Failure while checking out version %s, the git tag has been forged")" "$ref" plain "$(gettext "Aborting...")" exit 1 |