1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
From 4f46a077fde520dcdc466da611d7abd124f260f8 Mon Sep 17 00:00:00 2001
From: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Date: Mon, 25 Sep 2023 18:32:22 +0100
Subject: [PATCH 20/27] tools/pygrub: Small refactors
Small tidy up to ensure output_directory always has a trailing '/' to ease
concatenating paths and that `output` can only be a filename or None.
This is part of XSA-443 / CVE-2023-34325
Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>
(cherry picked from commit 9f2ff9a7c9b3ac734ae99f17f0134ed0343dcccf)
---
tools/pygrub/src/pygrub | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
index ce4e07d3e8..1042c05b86 100755
--- a/tools/pygrub/src/pygrub
+++ b/tools/pygrub/src/pygrub
@@ -793,7 +793,7 @@ if __name__ == "__main__":
debug = False
not_really = False
output_format = "sxp"
- output_directory = "/var/run/xen/pygrub"
+ output_directory = "/var/run/xen/pygrub/"
# what was passed in
incfg = { "kernel": None, "ramdisk": None, "args": "" }
@@ -815,7 +815,8 @@ if __name__ == "__main__":
usage()
sys.exit()
elif o in ("--output",):
- output = a
+ if a != "-":
+ output = a
elif o in ("--kernel",):
incfg["kernel"] = a
elif o in ("--ramdisk",):
@@ -847,12 +848,11 @@ if __name__ == "__main__":
if not os.path.isdir(a):
print("%s is not an existing directory" % a)
sys.exit(1)
- output_directory = a
+ output_directory = a + '/'
if debug:
logging.basicConfig(level=logging.DEBUG)
-
try:
os.makedirs(output_directory, 0o700)
except OSError as e:
@@ -861,7 +861,7 @@ if __name__ == "__main__":
else:
raise
- if output is None or output == "-":
+ if output is None:
fd = sys.stdout.fileno()
else:
fd = os.open(output, os.O_WRONLY)
--
2.42.0
|