scm/git: prevent exec bomb with 'env :userpaths'
Using `git` from `Formula#install` can cause an exec bomb if used in a formula with `env :userpaths` because that causes both `Library/ENV/4.3` and `Library/ENV/scm` to be in PATH, both of which contain a `git` binary that is the same SCM wrapper. Those will mutually exec each other indefinitely as they fail to detect that they are the same wrapper. Extend the exec-bomb protection to check the paths after all symbolic links have been expanded to prevent this situation. Fixes #43. Fixes Homebrew/homebrew-core#133. Fixed Homebrew/homebrew-core#143. Closes #46. Signed-off-by: Martin Afanasjew <martin@afanasjew.de>
This commit is contained in:
Martin Afanasjew
parent
d5085edce0
commit
d7aa0c0335
@ -13,13 +13,16 @@ exec "$HOMEBREW_RUBY_PATH" -x "$0" "$@"
|
||||
# This script because we support $GIT, $HOMEBREW_SVN, etc., Xcode-only and
|
||||
# no Xcode/CLT configurations. Order is careful to be what the user would want.
|
||||
|
||||
require "pathname"
|
||||
|
||||
SELF_REAL = Pathname.new(__FILE__).realpath
|
||||
F = File.basename(__FILE__).freeze
|
||||
D = File.expand_path(File.dirname(__FILE__)).freeze
|
||||
|
||||
def exec(*args)
|
||||
# prevent fork-bombs
|
||||
arg0 = args.first
|
||||
return if arg0 =~ /^#{F}/i || File.expand_path(arg0) == File.expand_path(__FILE__)
|
||||
return if arg0 =~ /^#{F}/i || Pathname.new(arg0).realpath == SELF_REAL
|
||||
super
|
||||
end
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user