ftp_syslog('debug',"DEBUG: "
."testing $upload_file for presence of Makefile.in")
if DEBUG;
- my $tar_cmd = "/bin/tar -tf $upload_file";
- open (TAR, "$tar_cmd|")
- or return "Error: failed to run command: $tar_cmd\n\n";
+ my @tar_cmd = (qw(/bin/tar -tf), $upload_file);
+ open TAR, '-|', @tar_cmd
+ or return 'Error: failed to run command: '.join(' ',@tar_cmd)."\n\n";
my $found_makefile = 0;
while (defined (my $line = <TAR>)) {
if ($line =~ /Makefile.in/i) {
last;
}
}
- close(TAR); # We don't care about errors here; the pipe can cause
+ close TAR; # We don't care about errors here; the pipe can cause
# non-zero exit codes when tar is unhappy that it's asked
# to stop
return $error_string
ftp_syslog('debug',"DEBUG: found Makefile.in, "
."testing for CVE-2009-4029 and CVE-2012-3386")
if DEBUG;
- $tar_cmd = "/bin/tar --to-stdout -x -f $upload_file 'Makefile.in' "
- ."--wildcards '*/Makefile.in' 2>/dev/null";
- open (TAR, "$tar_cmd|")
- or return "Error: failed to run command: $tar_cmd\n\n";
+ @tar_cmd = (qw(/bin/tar --to-stdout -x -f), $upload_file,
+ qw(Makefile.in --wildcards */Makefile.in));
+ open TAR, '-|', @tar_cmd
+ or return 'Error: failed to run command: '.join(' ',@tar_cmd)."\n\n";
my $found_cve_2009_4029 = 0;
my $found_cve_2012_3386 = 0;
while (defined (my $line = <TAR>)) {
$found_cve_2012_3386 = 1;
}
}
- close(TAR); # We don't care about errors here; the pipe can cause
+ close TAR; # We don't care about errors here; the pipe can cause
# non-zero exit codes when tar is unhappy that it's asked
# to stop