X-Git-Url: http://git.rot13.org/?p=BackupPC.git;a=blobdiff_plain;f=bin%2FBackupPC_archiveHost;h=e66c241f80d10651e73de77bdddefce4b3cb4fc3;hp=ed481a785a6256a28e52e3a26fe354a0ca512678;hb=488bb662f6d144d42376b3d14e9b1e438e00e6f8;hpb=17dcbbebb871212f90b81bb97f8d1feb528bdc43 diff --git a/bin/BackupPC_archiveHost b/bin/BackupPC_archiveHost index ed481a7..e66c241 100755 --- a/bin/BackupPC_archiveHost +++ b/bin/BackupPC_archiveHost @@ -1,4 +1,4 @@ -#!/bin/perl +#!/usr/bin/perl #============================================================= # # BackupPC_archiveHost: Archive files for a single host @@ -20,7 +20,7 @@ # Josh Marshall # # COPYRIGHT -# Copyright (C) 2001-2004 Craig Barratt +# Copyright (C) 2001-2009 Craig Barratt # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -38,7 +38,7 @@ # #======================================================================== # -# Version 2.1.0, released 20 Jun 2004. +# Version 3.2.0, released 31 Jul 2010. # # See http://backuppc.sourceforge.net. # @@ -77,6 +77,10 @@ die("BackupPC::Lib->new failed\n") if ( !(my $bpc = BackupPC::Lib->new) ); # Make sure the specified programs are executable # foreach my $prog ( ($tarCreate, $compPath, $splitPath, $parPath) ) { + if ( $prog =~ /[][;&()<>{}|^\n\r\t *\$\\'"`?]/ ) { + print("Error: executable path $prog contains suspicious characters\n"); + exit(1); + } next if ( $prog eq "" || -x $prog ); print("Error: $prog is not an executable program\n"); exit(1); @@ -86,8 +90,13 @@ my $mesg = "Writing tar archive for host $host, backup #$bkupNum"; # # Build the command we will run # -$share = $bpc->shellEscape($share); -$host = $bpc->shellEscape($host); +$share = $bpc->shellEscape($share); +$host = $bpc->shellEscape($host); +$bkupNum = $bpc->shellEscape($bkupNum); +$fileExt = $bpc->shellEscape($fileExt); +$splitSize = $bpc->shellEscape($splitSize); +$parfile = $bpc->shellEscape($parfile); +my $outLocE = $bpc->shellEscape($outLoc); # # We prefer to use /bin/csh because the exit status of a pipeline @@ -105,12 +114,14 @@ if ( -x "/bin/csh" ) { exit(1); } my $cmd = "$tarCreate -t -h $host -n $bkupNum -s $share . "; -$cmd .= "| $compPath " if ( $compPath ne "cat" && $compPath ne "" ); +$cmd .= "| $compPath " if ( $compPath ne "cat" + && $compPath ne "/bin/cat" + && $compPath ne "" ); if ( -b $outLoc || -c $outLoc || -f $outLoc ) { # # Output file is a device or a regular file, so don't use split # - $cmd .= ">> $outLoc"; + $cmd .= ">> $outLocE"; $mesg .= " to $outLoc"; } else { mkpath($outLoc) if ( !-d $outLoc ); @@ -119,11 +130,11 @@ if ( -b $outLoc || -c $outLoc || -f $outLoc ) { exit(1); } if ( $splitSize > 0 && -x $splitPath ) { - $cmd .= "| $splitPath -b $splitSize - $outLoc/$host.$bkupNum.tar$fileExt."; - $mesg .= ", split to output files $outLoc/$host.$bkupNum.tar$fileExt.*"; + $cmd .= "| $splitPath -b $splitSize - $outLocE/$host.$bkupNum.tar$fileExt."; + $mesg .= ", split to output files $outLocE/$host.$bkupNum.tar$fileExt.*"; } else { - $cmd .= "> $outLoc/$host.$bkupNum.tar$fileExt"; - $mesg .= " to output file $outLoc/$host.$bkupNum.tar$fileExt"; + $cmd .= "> $outLocE/$host.$bkupNum.tar$fileExt"; + $mesg .= " to output file $outLocE/$host.$bkupNum.tar$fileExt"; } } print("$mesg\n"); @@ -133,7 +144,7 @@ print("$mesg\n"); # my $ret = system(@shell, $cmd); if ( $ret ) { - print("Executing: @shell -cf $cmd\n"); + print("Executing: @shell $cmd\n"); print("Error: $tarCreate, compress or split failed\n"); exit(1); } @@ -143,9 +154,9 @@ if ( $ret ) { # ie: not a tape device). # if ( -d $outLoc && -x $parPath ) { - if ( $parfile != 0 ) { + if ( length($parfile) ) { print("Running $parPath to create parity files\n"); - my $parCmd = "$parPath c -r$parfile $outLoc/$host.$bkupNum.tar$fileExt.par2 $outLoc/$host.$bkupNum.tar$fileExt*"; + my $parCmd = "$parPath c -r$parfile $outLocE/$host.$bkupNum.tar$fileExt.par2 $outLocE/$host.$bkupNum.tar$fileExt*"; $ret = system($parCmd); if ( $ret ) { print("Executing: $parCmd\n");