dom0: validate downloaded packages names (#198)
parent
49257d488b
commit
4607428c38
@ -20,6 +20,7 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
import os
|
import os
|
||||||
|
import re
|
||||||
import sys
|
import sys
|
||||||
import subprocess
|
import subprocess
|
||||||
import shutil
|
import shutil
|
||||||
@ -29,6 +30,8 @@ from qubes.qubes import QubesVmCollection
|
|||||||
updates_dir = "/var/lib/qubes/updates"
|
updates_dir = "/var/lib/qubes/updates"
|
||||||
updates_rpm_dir = updates_dir + "/rpm"
|
updates_rpm_dir = updates_dir + "/rpm"
|
||||||
|
|
||||||
|
package_regex = re.compile(r"^[abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._+-]{1,128}.rpm$")
|
||||||
|
|
||||||
def dom0updates_fatal(msg):
|
def dom0updates_fatal(msg):
|
||||||
print >> sys.stderr, msg
|
print >> sys.stderr, msg
|
||||||
shutil.rmtree(updates_rpm_dir)
|
shutil.rmtree(updates_rpm_dir)
|
||||||
@ -45,7 +48,7 @@ def handle_dom0updates(updatevm):
|
|||||||
subprocess.check_call(["/usr/lib/qubes/qfile-dom0-unpacker", os.getlogin(), updates_rpm_dir])
|
subprocess.check_call(["/usr/lib/qubes/qfile-dom0-unpacker", os.getlogin(), updates_rpm_dir])
|
||||||
# Verify received files
|
# Verify received files
|
||||||
for f in os.listdir(updates_rpm_dir):
|
for f in os.listdir(updates_rpm_dir):
|
||||||
if glob.fnmatch.fnmatch(f, "*.rpm"):
|
if package_regex.match(f):
|
||||||
p = subprocess.Popen (["/bin/rpm", "-K", updates_rpm_dir + "/" + f],
|
p = subprocess.Popen (["/bin/rpm", "-K", updates_rpm_dir + "/" + f],
|
||||||
stdout=subprocess.PIPE)
|
stdout=subprocess.PIPE)
|
||||||
output = p.communicate()[0]
|
output = p.communicate()[0]
|
||||||
|
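Review bot: The new `package_regex` is looser than its explicit character list suggests: the `.` before `rpm` is unescaped and so matches any character, and in Python `$` also matches just before a trailing newline, so a name ending in `\n` would still pass `package_regex.match(f)`. Ending the pattern with `\.rpm\Z` instead of `.rpm$` closes both gaps while keeping the character class as written. The class also admits names that begin with `-` or `.`; this looks harmless in the visible `rpm -K` call because the directory is prefixed to the name, but a short comment above the pattern stating which names are meant to pass would help. The body of `handle_dom0updates` continues outside the hunk, so it cannot be seen here whether files that fail the match are rejected or only skipped; if they are skipped, they would remain in `updates_rpm_dir` unverified.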