Skip to content

Commit 36f4c6f

Browse files
nachoparkernachoparker
committed
avoid temp dir vulnerabilities
1 parent a0b8c49 commit 36f4c6f

File tree

3 files changed

+12
-11
lines changed

3 files changed

+12
-11
lines changed

bin/ncp-check-version

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,15 @@
22

33
# update latest available version in /var/run/.ncp-latest-version
44

5-
rm -rf /tmp/ncp-check-tmp
5+
TMPDIR="$( mktemp -d /tmp/ncp-check.XXXXXX || ( echo "Failed to create temp dir. Exiting" >&2; exit 1 ) )"
6+
trap "rm -rf \"${TMPDIR}\"; exit 0" 0 1 2 3 15
67

7-
git clone --depth 20 -q --bare https://github.com/nextcloud/nextcloudpi.git /tmp/ncp-check-tmp || {
8+
git clone --depth 20 -q --bare https://github.com/nextcloud/nextcloudpi.git "$TMPDIR" || {
89
echo "The git clone command failed: No connectivity to https://github.com ?"
910
exit 1
1011
}
1112

12-
cd /tmp/ncp-check-tmp || exit 1
13+
cd "$TMPDIR" || exit 1
1314
VER=$( git describe --always --tags | grep -oP "v\d+\.\d+\.\d+" )
1415
grep -qP "v\d+\.\d+\.\d+" <<< "$VER" && { # check format
1516
echo "$VER" > /var/run/.ncp-latest-version
@@ -22,5 +23,3 @@ grep -qP "v\d+\.\d+\.\d+" <<< "$VER" && { # check format
2223
sed 's|* \[tag: |[|' > /usr/local/etc/ncp-changelog
2324
}
2425
cd / || exit 1
25-
26-
rm -rf /tmp/ncp-check-tmp

bin/ncp-update

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,14 +8,15 @@
88
BRANCH="${1:-master}"
99
[[ "$BRANCH" != "master" ]] && echo "INFO: updating to development branch '$BRANCH'"
1010

11-
echo -e "Downloading updates"
12-
rm -rf /tmp/ncp-update-tmp
11+
TMPDIR="$( mktemp -d /tmp/ncp-update.XXXXXX || ( echo "Failed to create temp dir. Exiting" >&2; exit 1 ) )"
12+
trap "rm -rf \"${TMPDIR}\"; exit 0" 0 1 2 3 15
1313

14-
git clone --depth 20 -b "$BRANCH" -q https://github.com/nextcloud/nextcloudpi.git /tmp/ncp-update-tmp || {
14+
echo -e "Downloading updates"
15+
git clone --depth 20 -b "$BRANCH" -q https://github.com/nextcloud/nextcloudpi.git "$TMPDIR" || {
1516
echo "No internet connectivity"
1617
exit 1
1718
}
18-
cd /tmp/ncp-update-tmp
19+
cd "$TMPDIR"
1920

2021
echo -e "Performing updates"
2122
./update.sh && {
@@ -36,7 +37,6 @@
3637
}
3738

3839
cd /
39-
rm -rf /tmp/ncp-update-tmp
4040

4141
exit
4242
} # force to read the whole thing into memory, as its contents might change in update.sh

changelog.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,7 @@
11

2-
[v0.54.3](https://github.com/nextcloud/nextcloudpi/commit/921b583) (2018-05-03) nc-datadir: avoid using occ for faster execution
2+
[v0.54.4](https://github.com/nextcloud/nextcloudpi/commit/36fed66) (2018-05-09) avoid temp dir vulnerabilities
3+
4+
[v0.54.3 ](https://github.com/nextcloud/nextcloudpi/commit/66dfbd0) (2018-05-03) nc-datadir: avoid using occ for faster execution
35

46
[v0.54.2 ](https://github.com/nextcloud/nextcloudpi/commit/ebfb7f1) (2018-05-03) samba: restart after configuration change
57

0 commit comments

Comments
 (0)