| Summary: | getVarsFromSh doesn't correctly handle backslashes on double quoted variables (perl-MDK-Common) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Pablo Saratxaga <pablo> |
| Component: | RPM Packages | Assignee: | Thierry Vignaud <thierry.vignaud> |
| Status: | NEW --- | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | pablo |
| Version: | Cauldron | Keywords: | PATCH, Triaged |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | perl-MDK-Common-1.2.29-3.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Pablo Saratxaga
2013-07-04 15:02:01 CEST
Keywords:
(none) =>
PATCH I cannot think of any config file written with help of MDK::Common where it would be valid to have such a string the problem can happen when reading hand-edited config files. It is seldom a problem; but is clearly a bug as it doesn't read shell script config files the same way as the shell do.
Samuel Verschelde
2015-05-17 21:16:05 CEST
Keywords:
(none) =>
Triaged We'd better use unquote from String::Escape or from String::Util IMHO |
Description of problem: getVarsFromSh read variables from a shell compatible config file. However, when variable is quoted with double quotes, it doesn't read correctly. consider a file with the following line: FOO="foo\"bar\\aaa\nbbb" if you source that file from bash, and then do "echo $FOO" it wll display: foo"bar\aaa\nbbb but if you read the file with getVarsFromSh it will display: foo\"bar\\aaa\nbbb as getVarsFromSh() is intended to be shell-compatible, this is clearly a bug. for strings in double quotes, the backslash has a special meaning when in front of a double quote or another backslash. How to fix it? the function is defined in MDK/Common/System.pm file it should be changed as follow: sub getVarsFromSh { my %l; open(my $F, $_[0]) or return; local $_; while (<$F>) { s/^\s*#.*//; # remove comment-only lines s/^\s*//; # leading space my ($v, $val) = /^(\w+)=(.*)/ or next; if ($val =~ /^"(.*)"(\s+#.*)?$/) { $val = $1; $val =~ s/\\(["\\])/$1/g; # <---- add this line } elsif ($val =~ /^'(.*)'(\s+#.*)?$/) { $val = $1; $val =~ s/(^|[^'])'\\''/$1'/g; } $l{$v} = $val; } %l; } Thanks Reproducible: Steps to Reproduce: