Change in coreboot[master]: util/lint/checkpatch.pl: Untaint filename - coreboot-gerrit

28 Jan 2018

Martin Roth has uploaded this change for review. ( https://review.coreboot.org/23473
Change subject: util/lint/checkpatch.pl: Untaint filename
......................................................................
util/lint/checkpatch.pl: Untaint filename
This fixes the warning that is seen on the jenkins server:
Insecure dependency in piped open while running setgid at
util/lint/checkpatch.pl line 958.
Change-Id: I476efa76ef6a275584a47ec0ecf2315948d53e9d
Signed-off-by: Martin Roth martinroth@google.com
---
M util/lint/checkpatch.pl
1 file changed, 4 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/73/23473/1

diff --git a/util/lint/checkpatch.pl b/util/lint/checkpatch.pl
index e9a0cc4..c35a0d6 100755
--- a/util/lint/checkpatch.pl
+++ b/util/lint/checkpatch.pl
@@ -951,6 +951,10 @@
 my $vname;
 for my $filename (@ARGV) {
    my $FILE;
+
+	# coreboot: Mark filename as untainted
+	$filename =~ /^(.*)$/s or die; $filename = $1;
+
    if ($git) {
    	open($FILE, '-|', "git format-patch -M --stdout -1 $filename") ||
    		die "$P: $filename: git format-patch failed - $!\n";
-- 
To view, visit https://review.coreboot.org/23473
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I476efa76ef6a275584a47ec0ecf2315948d53e9d
Gerrit-Change-Number: 23473
Gerrit-PatchSet: 1
Gerrit-Owner: Martin Roth martinroth@google.com



    