From 0cfc60c49143256c1cce6f170aaf404edaaf94ec Mon Sep 17 00:00:00 2001 From: "kestes%walrus.com" Date: Thu, 2 Aug 2001 20:04:25 +0000 Subject: [PATCH] fix bug in untainting code by splitting up the file checks into two pieces one checks for legal characters and the other checks for legal characters AND legal directories. --- webtools/tinderbox2/src/lib/MailProcess.pm | 6 ++--- .../tinderbox2/src/lib/Persistence/Dumper.pm | 8 +++---- .../src/lib/Persistence/Storable.pm | 8 +++---- .../tinderbox2/src/lib/TinderDB/BT_Generic.pm | 17 +++++++------- .../tinderbox2/src/lib/TinderDB/BasicTxtDB.pm | 18 +++++++-------- webtools/tinderbox2/src/lib/TinderDB/Build.pm | 23 +++++++++---------- .../tinderbox2/src/lib/TinderDB/Notice.pm | 8 +++---- 7 files changed, 43 insertions(+), 45 deletions(-) diff --git a/webtools/tinderbox2/src/lib/MailProcess.pm b/webtools/tinderbox2/src/lib/MailProcess.pm index e79d0b975a5..50f13491aed 100644 --- a/webtools/tinderbox2/src/lib/MailProcess.pm +++ b/webtools/tinderbox2/src/lib/MailProcess.pm @@ -4,8 +4,8 @@ # mailprocessing program. -# $Revision: 1.7 $ -# $Date: 2001-07-20 19:04:59 $ +# $Revision: 1.8 $ +# $Date: 2001-08-02 20:04:25 $ # $Author: kestes%walrus.com $ # $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/MailProcess.pm,v $ # $Name: $ @@ -326,7 +326,7 @@ sub write_update_file { $update_file =~ s/([^0-9a-zA-Z\.\-\_\/\:]+)/\./g; - $update_file = main::extract_filename_chars($update_file); + $update_file = main::extract_safe_filename($update_file); # We are done, tell the tinderserver about this build. diff --git a/webtools/tinderbox2/src/lib/Persistence/Dumper.pm b/webtools/tinderbox2/src/lib/Persistence/Dumper.pm index 3af03bb1a61..60ef30c525d 100644 --- a/webtools/tinderbox2/src/lib/Persistence/Dumper.pm +++ b/webtools/tinderbox2/src/lib/Persistence/Dumper.pm 
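Review bot: The untainting in write_update_file now rests entirely on `main::extract_safe_filename`, yet the substitution on the preceding context line, `$update_file =~ s/([^0-9a-zA-Z\.\-\_\/\:]+)/\./g;`, collapses every run of disallowed characters into a single `.`, which next to an existing dot can synthesize a `..` path segment before the safe-filename check runs. Whether that is rejected depends on the body of `extract_safe_filename`, which is not in this diff; if it only re-validates characters it should also refuse `..` components, or the replacement character here should be one that cannot form a traversal, such as `_`. A comment stating what the helper does on rejection (dies, or hands back an empty string) would make the reliance explicit; confirm it against the implementation. write_update_file continues outside the hunk.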
@@ -14,8 +14,8 @@ # was spend in 32878 calls to Data::Dumper::_dump() -# $Revision: 1.8 $ -# $Date: 2001-07-20 19:05:07 $ +# $Revision: 1.9 $ +# $Date: 2001-08-02 20:04:23 $ # $Author: kestes%walrus.com $ # $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/Persistence/Dumper.pm,v $ # $Name: $ @@ -70,7 +70,7 @@ sub save_structure { my ($data_refs, $data_file,) = @_; # This may be the output of a glob, make it taint safe. - $data_file = main::extract_filename_chars($data_file); + $data_file = main::extract_safe_filename($data_file); # Create a text representation of the data we wish to save. We need # only eval this string to get back the data. We pick the name of @@ -95,7 +95,7 @@ sub load_structure { my ($data_file,) = @_; # This may be the output of a glob, make it taint safe. - $data_file = main::extract_filename_chars($data_file); + $data_file = main::extract_safe_filename($data_file); (-r $data_file) || (-R $data_file) || die("data file: $data_file is not readable\n"); diff --git a/webtools/tinderbox2/src/lib/Persistence/Storable.pm b/webtools/tinderbox2/src/lib/Persistence/Storable.pm index 344a4c71593..7968bd020c9 100644 --- a/webtools/tinderbox2/src/lib/Persistence/Storable.pm +++ b/webtools/tinderbox2/src/lib/Persistence/Storable.pm @@ -9,8 +9,8 @@ # browser. -# $Revision: 1.5 $ -# $Date: 2001-07-20 19:05:07 $ +# $Revision: 1.6 $ +# $Date: 2001-08-02 20:04:23 $ # $Author: kestes%walrus.com $ # $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/Persistence/Storable.pm,v $ # $Name: $ @@ -71,7 +71,7 @@ sub save_structure { my ($data_refs, $data_file,) = @_; # This may be the output of a glob, make it taint safe. - $data_file = main::extract_filename_chars($data_file); + $data_file = main::extract_safe_filename($data_file); my ($tmpfile) = "$data_file.$main::UID"; 
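Review bot: The comment above each renamed call, `# This may be the output of a glob, make it taint safe.`, still does not say what `extract_safe_filename` does when a path fails its new directory check, so a reader cannot tell whether `$data_file` can come back empty and reach the file operations below. Suggest extending it once the helper's behaviour is confirmed, e.g. `# extract_safe_filename untaints $data_file; it rejects paths outside the allowed directories (see its definition for how)`. The same comment and call appear in Persistence::Dumper load_structure and in both Persistence::Storable routines, so one wording should be used in all four. The bodies of these subroutines continue outside their hunks.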
@@ -89,7 +89,7 @@ sub load_structure { my ($data_file,) = @_; # This may be the output of a glob, make it taint safe. - $data_file = main::extract_filename_chars($data_file); + $data_file = main::extract_safe_filename($data_file); (-r $data_file) || (-R $data_file) || die("data file: $data_file is not readable\n"); diff --git a/webtools/tinderbox2/src/lib/TinderDB/BT_Generic.pm b/webtools/tinderbox2/src/lib/TinderDB/BT_Generic.pm index c052a3d5ca0..47c86c63d62 100644 --- a/webtools/tinderbox2/src/lib/TinderDB/BT_Generic.pm +++ b/webtools/tinderbox2/src/lib/TinderDB/BT_Generic.pm @@ -74,7 +74,7 @@ use TreeData; use VCDisplay; -$VERSION = ( qw $Revision: 1.8 $ )[1]; +$VERSION = ( qw $Revision: 1.9 $ )[1]; @ISA = qw(TinderDB::BasicTxtDB); @@ -119,12 +119,11 @@ sub apply_db_updates { scalar(@sorted_files) || return 0; - foreach $update_file (@sorted_files) { - my ($full_file) = "$dirname/$update_file"; - my ($record) = Persistence::load_structure($full_file); + foreach $file (@sorted_files) { + my ($record) = Persistence::load_structure($file); ($record) || - die("Error reading Bug Tracking update file '$full_file'.\n"); + die("Error reading Bug Tracking update file '$file'.\n"); my($timenow) = $record->{'tinderbox_timenow'}; @@ -134,11 +133,11 @@ sub apply_db_updates { # sanity check the record, taint checks are done in processmail. { ($tree eq $record->{'tinderbox_tree'}) || - die("Error in updatefile: $full_file, ". + die("Error in updatefile: $file, ". "Tree: $tree, not equal to Tree: $record->{'tree'}."); (main::is_time_valid($timenow)) || - die("Error in updatefile: $full_file, ". + die("Error in updatefile: $file, ". "timenow: $timenow, is not a valid time."); } @@ -169,7 +168,7 @@ sub apply_db_updates { $self->savetree_db($tree); - $self->unlink_files($dirname, @sorted_files); + $self->unlink_files(@sorted_files); return scalar(@sorted_files); } @@ -278,7 +277,7 @@ sub status_table_row { $num_rows++; $table .= ( "\t". - "$field". + "$field". ": ". $value. "
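Review bot: `foreach $file (@sorted_files)` in BT_Generic apply_db_updates iterates with a package global rather than `foreach my $file (@sorted_files)`; the old `$update_file` had the same problem, but the rename is the moment to scope it. In the next hunk the sanity check compares `$record->{'tinderbox_tree'}` while the reworded die message interpolates `$record->{'tree'}`, so a mismatch reports a different field than the one tested. Build.pm's apply_db_updates has the same unscoped `$file`, and its tree message reads `equal to Tree:` where `not equal to Tree:` is meant. apply_db_updates starts and ends outside these hunks in both files.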
\n". diff --git a/webtools/tinderbox2/src/lib/TinderDB/BasicTxtDB.pm b/webtools/tinderbox2/src/lib/TinderDB/BasicTxtDB.pm index 47fbabdcf61..3f893605abc 100644 --- a/webtools/tinderbox2/src/lib/TinderDB/BasicTxtDB.pm +++ b/webtools/tinderbox2/src/lib/TinderDB/BasicTxtDB.pm @@ -6,8 +6,8 @@ # as a Dump of the $DATABASE reference. -# $Revision: 1.6 $ -# $Date: 2001-07-20 19:05:11 $ +# $Revision: 1.7 $ +# $Date: 2001-08-02 20:04:21 $ # $Author: kestes%walrus.com $ # $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/TinderDB/BasicTxtDB.pm,v $ # $Name: $ @@ -50,7 +50,7 @@ use FileStructure; use Persistence; -$VERSION = ( qw $Revision: 1.6 $ )[1]; +$VERSION = ( qw $Revision: 1.7 $ )[1]; # To help preserve the database in the event of a serious system @@ -105,13 +105,12 @@ sub db_file { sub unlink_files { - my ($self, $dir, @files) = @_; + my ($self, @files) = @_; foreach $file (@files) { - $full_file = "$dir/$file"; # This may be the output of a glob, make it taint safe. - $full_file = main::extract_filename_chars($full_file); + $full_file = main::extract_safe_filename($file); unlink ("$full_file") || die("Could not remove filename: '$full_file': $!\n"); @@ -152,7 +151,7 @@ sub readdir_file_prefix { # make it taint safe. - my (@untainted_files) = map { main::extract_filename_chars($_) } + my (@untainted_files) = map { main::extract_safe_filename("$dir/$_") } @sorted_files; return @untainted_files; @@ -204,8 +203,9 @@ sub loadtree_db { # ignore unlink errors, cleaning up the directory is not important. - foreach $file (@sorted_files) { - $file = main::extract_filename_chars($file); + my @extra_files = grep {!/^$(unknown)$/} @sorted_files; + foreach $file (@extra_files) { + $file = main::extract_safe_filename($file); unlink($file); } diff --git a/webtools/tinderbox2/src/lib/TinderDB/Build.pm b/webtools/tinderbox2/src/lib/TinderDB/Build.pm index 386ea544b04..43487bbc31d 100755 --- a/webtools/tinderbox2/src/lib/TinderDB/Build.pm 
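Review bot: `$full_file = main::extract_safe_filename($file);` in unlink_files assigns a package global; now that it is no longer built from `$dir` it should be a lexical, `my $full_file = main::extract_safe_filename($file);`, and the loop `foreach $file (@files)` likewise wants `foreach my $file (@files)`. `unlink ("$full_file")` also quotes a plain scalar to no effect; `unlink $full_file or die ...` is clearer. In readdir_file_prefix the new `main::extract_safe_filename("$dir/$_")` relies on `$dir` being in scope there, which the hunk does not show; confirm it is the directory the files were read from. Both subroutines continue outside their hunks.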
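Review bot: The new filter in loadtree_db, `grep {!/^$(unknown)$/} @sorted_files`, excludes nothing: `$(` is one of the specials Perl does not interpolate inside a pattern, so the regex is the literal `^$(unknown)$`, which can never match, and every file in `@sorted_files` is still passed to `unlink`. If the intent is to keep one particular file, compare names directly, `grep { $_ ne $keep_file } @sorted_files` (`$keep_file` standing for whichever variable holds that path), rather than interpolating a filename into a regex, where `.` and `/` would need `\Q...\E` quoting. The `$(unknown)` text may also be an artifact of how this patch was captured, so the committed source is worth checking. loadtree_db starts outside the hunk.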
+++ b/webtools/tinderbox2/src/lib/TinderDB/Build.pm @@ -7,8 +7,8 @@ # the build was and display a link to the build log. -# $Revision: 1.21 $ -# $Date: 2001-07-20 19:05:11 $ +# $Revision: 1.22 $ +# $Date: 2001-08-02 20:04:20 $ # $Author: kestes%walrus.com $ # $Source: /home/jrmuizel/cvs-mirror/mozilla/webtools/tinderbox2/src/lib/TinderDB/Build.pm,v $ # $Name: $ @@ -730,12 +730,11 @@ sub apply_db_updates { scalar(@sorted_files) || return 0; - foreach $update_file (@sorted_files) { - my $full_file = "$dirname/$update_file"; - my ($record) = Persistence::load_structure($full_file); + foreach $file (@sorted_files) { + my ($record) = Persistence::load_structure($file); ($record) || - die("Error reading Build update file '$full_file'.\n"); + die("Error reading Build update file '$file'.\n"); my ($build) = $record->{'buildname'}; my ($buildstatus) = $record->{'status'}; @@ -747,22 +746,22 @@ sub apply_db_updates { # sanity check the record, taint checks are done in processmail. { BuildStatus::is_status_valid($buildstatus) || - die("Error in updatefile: $full_file, Status not valid"); + die("Error in updatefile: $file, Status not valid"); ($tree eq $record->{'tree'}) || - die("Error in updatefile: $full_file, ". + die("Error in updatefile: $file, ". "Tree: $tree, equal to Tree: $record->{'tree'}."); (main::is_time_valid($starttime)) || - die("Error in updatefile: $full_file, ". + die("Error in updatefile: $file, ". "starttime: $starttime, is not a valid time."); (main::is_time_valid($timenow)) || - die("Error in updatefile: $full_file, ". + die("Error in updatefile: $file, ". "timenow: $timenow, is not a valid time."); ($starttime <= $timenow) || - die("Error in updatefile: $full_file, ". + die("Error in updatefile: $file, ". "starttime: $starttime, is less then timenow: $timenow."); } @@ -897,7 +896,7 @@ sub apply_db_updates { $self->savetree_db($tree); - $self->unlink_files($dirname, @sorted_files); + $self->unlink_files(@sorted_files); return scalar(@sorted_files); } 
diff --git a/webtools/tinderbox2/src/lib/TinderDB/Notice.pm b/webtools/tinderbox2/src/lib/TinderDB/Notice.pm index b9ccf37c283..0e7361390fe 100755 --- a/webtools/tinderbox2/src/lib/TinderDB/Notice.pm +++ b/webtools/tinderbox2/src/lib/TinderDB/Notice.pm @@ -79,7 +79,7 @@ use Utils; use HTMLPopUp; use TinderDB::BasicTxtDB; -$VERSION = ( qw $Revision: 1.9 $ )[1]; +$VERSION = ( qw $Revision: 1.10 $ )[1]; @ISA = qw(TinderDB::BasicTxtDB); @@ -150,10 +150,10 @@ sub apply_db_updates { # This require will set a variable called $record with all # the info from this build update. - my ($record) = Persistence::load_structure("$dirname/$update_file"); + my ($record) = Persistence::load_structure("$update_file"); ($record) || - die("Error reading Notice update file '$dirname/$update_file'.\n"); + die("Error reading Notice update file '$update_file'.\n"); my $time = $record->{'time'}; my $mailaddr = $record->{'mailaddr'}; @@ -177,7 +177,7 @@ sub apply_db_updates { $self->savetree_db($tree); - $self->unlink_files($dirname, @sorted_files); + $self->unlink_files(@sorted_files); return scalar(@sorted_files); }
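Review bot: `Persistence::load_structure("$update_file")` in Notice apply_db_updates wraps a plain scalar in double quotes now that the directory prefix is gone; pass it directly, `Persistence::load_structure($update_file);`. The loop that sets `$update_file` starts outside the hunk, so it is not visible whether it is lexically scoped; BT_Generic and Build use package-global loop variables in the same place, and all three should agree. apply_db_updates starts and ends outside these hunks.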