Details
Diff Detail
- Repository: rS FreeBSD src repository - subversion
- Lint: Lint Passed
- Unit: No Test Coverage
- Build Status: Buildable 45816, Build 42704: arc lint + arc unit
Event Timeline
Changes required.
usr.sbin/bsdinstall/scripts/auto | ||
---|---|---|
155 | The formatting here is not correct and also opens the program to a Denial-of-Service attack. For example, were I to set the "DISTRIBUTIONS" variable to "/* /*/* /*/*/* /*/*/*/*" then, because the expansion of "${DISTRIBUTIONS:=...}" will place the wildcards into the argument scope of the ":" command, it would cause the shell to attempt to expand all the globs, which will result in massive filesystem access and hang the program. See suggested edit for proper formatting that will also prevent Denial-of-Service. |
I will also note that the removal of the "export" may cause issues. There would be other acceptable solutions, such as:
export DISTRIBUTIONS="${DISTRIBUTIONS:-base.txz kernel.txz}"
Which I think I like more
usr.sbin/bsdinstall/scripts/auto | ||
---|---|---|
155 | Current suggestion (prevent Denial-of-Service and keep export while still allowing underride) |
The raw diff [1] looks funny. The "before" (line removed) doesn't match what is in head [2].
[1] https://reviews.freebsd.org/file/data/gpestj4gip62y5xbunh3/PHID-FILE-mrgzvmtcys7du2upsagn/D35355.vson.id106529.diff
[2] https://cgit.freebsd.org/src/tree/usr.sbin/bsdinstall/scripts/auto#n155
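The expansion behaviour discussed in this review, as an added example that is not code from bsdinstall or from any reviewer: it counts the arguments the shell produces for the unquoted `${DISTRIBUTIONS:=...}` form and compares that with the `export ... :-` form quoted above. The helper names, the scratch directory and its three files are constructed for the illustration, and the double-quoted `:=` variant is general shell practice, not the review's suggested edit (which is not shown on this page).

```shell
#!/bin/sh
# Added illustration; helper names and sample files are hypothetical.

# Print how many arguments the shell passed after all expansions.
count_args() { echo "$#"; }

# Scratch directory with three constructed files so "*" has matches.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    touch "$dir/base.txz" "$dir/kernel.txz" "$dir/lib32.txz"
    echo "$dir"
}

# Unquoted, as in `: ${DISTRIBUTIONS:=...}`: the expanded value is field-split
# and then pathname-expanded before the command ever sees it.
unquoted_default() {
    ( cd "$1" && DISTRIBUTIONS=$2 &&
      count_args ${DISTRIBUTIONS:=base.txz kernel.txz} )
}

# Double-quoted: one literal argument, no splitting, no globbing.
quoted_default() {
    ( cd "$1" && DISTRIBUTIONS=$2 &&
      count_args "${DISTRIBUTIONS:=base.txz kernel.txz}" )
}

# The form from the review comment: the right-hand side of an assignment
# is never globbed, and the variable stays exported.
export_default() {
    ( cd "$1" && DISTRIBUTIONS=$2
      export DISTRIBUTIONS="${DISTRIBUTIONS:-base.txz kernel.txz}"
      printf '%s\n' "$DISTRIBUTIONS" )
}

sandbox=$(make_sandbox)
echo "unquoted, value '* *': $(unquoted_default "$sandbox" '* *') arguments"
echo "quoted,   value '* *': $(quoted_default "$sandbox" '* *') argument"
echo "export,   value '*'  : $(export_default "$sandbox" '*')"
echo "export,   unset      : $(export_default "$sandbox" '')"
rm -rf "$sandbox"
```

With three files in the directory each `*` becomes three arguments in the unquoted form, so the work the shell does grows with the number of matching paths rather than with the length of the variable.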