From 2effcaccbf62b5252883496e9384f6d5a18a3458 Mon Sep 17 00:00:00 2001 From: Jacob Bachmeyer Date: Thu, 20 Oct 2022 21:58:37 -0500 Subject: [PATCH] Remove intermediate array and send vulnerability check messages to syslog --- gatekeeper.pl | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/gatekeeper.pl b/gatekeeper.pl index 97e4b8e..e8ef5bf 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -1697,14 +1697,13 @@ sub automake_tests { my $upload_file = shift; my $error_string = ''; - my @debug_log; if (! -e $upload_file) { - return("Error: $upload_file not found\n\n", \@debug_log); + return "Error: $upload_file not found\n\n"; } if (! -r $upload_file) { - return("Error: $upload_file is unreadable\n\n", \@debug_log); + return "Error: $upload_file is unreadable\n\n"; } # Reject an upload tarball if it contains a Makefile.in vulnerable @@ -1712,12 +1711,12 @@ sub automake_tests { # http://thread.gmane.org/gmane.comp.sysutils.autotools.announce/131 if ($upload_file =~ /\.(tar|)(\.|$)|\.t[bglx]z|\.tbz2$/) { # First check if the file contains any Makefile.in files - push(@debug_log,"DEBUG: " + ftp_syslog('debug',"DEBUG: " ."testing $upload_file for presence of Makefile.in") if DEBUG; my $tar_cmd = "/bin/tar -tf $upload_file"; open (TAR, "$tar_cmd|") - or return("Error: failed to run command: $tar_cmd\n\n", \@debug_log); + or return "Error: failed to run command: $tar_cmd\n\n"; my $found_makefile = 0; while (defined (my $line = )) { if ($line =~ /Makefile.in/i) { 
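Review bot: `$upload_file` is still interpolated into a shell command line in the @@ -1712 hunk (`my $tar_cmd = "/bin/tar -tf $upload_file";` followed by `open (TAR, "$tar_cmd|")`), so whitespace or shell metacharacters in the name are interpreted by the shell; the extraction command in the @@ -1728 hunk is built the same way. Whether the name is validated before automake_tests is called is not visible here, so the robust form is the list-form pipe open, which bypasses the shell: `open(TAR, '-|', '/bin/tar', '-tf', $upload_file) or return "Error: failed to run tar on $upload_file\n\n";`. The extraction command relies on `2>/dev/null`, so its stderr would need to be silenced another way once the shell is gone. automake_tests starts before and continues past this hunk.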
@@ -1728,16 +1727,16 @@ sub automake_tests { close(TAR); # We don't care about errors here; the pipe can cause # non-zero exit codes when tar is unhappy that it's asked # to stop - return ($error_string, \@debug_log) + return $error_string if (!$found_makefile); # If it does, check inside them - push(@debug_log,"DEBUG: found Makefile.in, " + ftp_syslog('debug',"DEBUG: found Makefile.in, " ."testing for CVE-2009-4029 and CVE-2012-3386") if DEBUG; $tar_cmd = "/bin/tar --to-stdout -x -f $upload_file 'Makefile.in' " ."--wildcards '*/Makefile.in' 2>/dev/null"; open (TAR, "$tar_cmd|") - or return("Error: failed to run command: $tar_cmd\n\n", \@debug_log); + or return "Error: failed to run command: $tar_cmd\n\n"; my $found_cve_2009_4029 = 0; my $found_cve_2012_3386 = 0; while (defined (my $line = )) { @@ -1766,16 +1765,16 @@ sub automake_tests { . "Regenerate it with automake 1.11.6 / 1.12.2 or newer.\n\n"; } - return ($error_string, \@debug_log); + return $error_string; } sub check_vulnerabilities { my $upload_file = shift; - my ($error_string, $error_log_ref) = + my $error_string = automake_tests($upload_file); - return ($error_string, $error_log_ref); + return $error_string; } @@ -1817,16 +1816,9 @@ sub check_files { $valid or fatal("gpg verify of upload file ($upload_file) failed",1); - my ($error_string, $error_log_ref) = + my $error_string = check_vulnerabilities($upload_file); - my @error_log = @$error_log_ref; - if (DEBUG and $#error_log > -1) { - foreach (@error_log) { - ftp_syslog('debug', $_); - } - } - fatal($error_string,1,'',3) if ($error_string ne ''); ftp_syslog('debug', "DEBUG: " -- 2.25.1
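Review bot: The listing pass in the @@ -1728 hunk fails open: `close(TAR)` discards tar's exit status and `return $error_string if (!$found_makefile);` then returns the empty string, so an archive that tar could not list at all is treated like one with no Makefile.in and skips the CVE-2009-4029 / CVE-2012-3386 check. The comment justifies ignoring the status only when reading stops early; assuming the loop (cut off above the hunk) stops once a Makefile.in is seen, the status can still be honoured when nothing was found, e.g. `close(TAR) or $found_makefile or return "Error: could not list $upload_file\n\n";`. The second `open` in this hunk also sends tar's stderr to /dev/null, so a failed extraction there is probably silent as well, but its `close` is outside the hunk.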
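Review bot: The new return contract in the @@ -1766 hunk is undocumented: automake_tests and check_vulnerabilities now return a single string, and check_files depends on it being empty when nothing was found (`$error_string ne ''`). A comment above automake_tests such as `# Returns '' when no problem is found, otherwise the error text handed to fatal().` would record that. check_vulnerabilities is now a pure pass-through, so its body can be reduced to `return automake_tests($upload_file);`.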