maint: fix new syntax check failures from copy restrictions

* doc/coreutils.texi: Remove doubled word.
* src/targetdir.c: Explicitly mark exported function.
* tests/local.mk: This is not a root only test.
* tests/mv/vulnerable-target.sh: Use returns_.
Introduced in v8.28-3-g44ccd1c

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 98b04644ce2dc5734cdf604a1c136848633b8d84..9fa680a01224cdd287022f8460b2bca59ad95c35 100644 (file)
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -1296,7 +1296,7 @@ destination's name, or by using the @option{--target-directory}
 (For @command{cp}, @command{ln}, and @command{mv} you can also
 suppress the heuristic by setting the @env{POSIXLY_CORRECT}
 environment variable.)  For example, if @file{/tmp/risky/d} is a
-directory whose parent @file{/tmp/risky} is is world-writable and is
+directory whose parent @file{/tmp/risky} is world-writable and is
 not sticky, the command @samp{cp passwd /tmp/risky/d} fails with
 a diagnostic reporting a vulnerable target directory, as an attacker
 could replace @file{/tmp/risky/d} by a symbolic link to a victim

diff --git a/src/targetdir.c b/src/targetdir.c
index 0adaa1af00107f9015da746b234c90bcce2ac6b9..d577893ed16a6835c1d16ad5d25bb5c4bbe7ef54 100644 (file)
--- a/src/targetdir.c
+++ b/src/targetdir.c
@@ -20,13 +20,9 @@
 #include <targetdir.h>
 
 #include <die.h>
-#include <dirname.h>
 #include <root-uid.h>
 
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <unistd.h>
+#include "system.h"
 
 /* Check whether DIR, which the caller presumably has already verified
    is a directory or a symlink to a directory, is likely to be
@@ -43,7 +39,7 @@
    This function might temporarily modify the DIR string; it restores
    the string to its original value before returning.  */
 
-enum targetdir
+extern enum targetdir
 targetdir_operand_type (char *restrict dir,
                         struct stat const *restrict dir_lstat)
 {
@@ -53,7 +49,7 @@ targetdir_operand_type (char *restrict dir,
   /* If DIR ends in / or has a last component of . or .. then it is
      good enough.  */
   if (lclen == 0 || ISSLASH (lc[lclen - 1])
-      || strcmp (lc, ".") == 0 || strcmp (lc, "..") == 0)
+      || STREQ (lc, ".") || STREQ (lc, ".."))
     return TARGETDIR_OK;
 
   char lc0 = *lc;

diff --git a/tests/local.mk b/tests/local.mk
index 8cf63cd9ddcd14a84fcfb221db01f14af7ec5a21..70c49e8b7d1564b2df7ba95e0e8d0555f1f4e6bf 100644 (file)
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -130,7 +130,6 @@ all_root_tests =                            \
   tests/mkdir/smack-root.sh                    \
   tests/mv/hardlink-case.sh                    \
   tests/mv/sticky-to-xpart.sh                  \
-  tests/mv/vulnerable-target.sh                        \
   tests/rm/fail-2eperm.sh                      \
   tests/rm/no-give-up.sh                       \
   tests/rm/one-file-system.sh                  \
@@ -663,6 +662,7 @@ all_tests =                                 \
   tests/mv/to-symlink.sh                       \
   tests/mv/trailing-slash.sh                   \
   tests/mv/update.sh                           \
+  tests/mv/vulnerable-target.sh                        \
   tests/readlink/can-e.sh                      \
   tests/readlink/can-f.sh                      \
   tests/readlink/can-m.sh                      \

diff --git a/tests/mv/vulnerable-target.sh b/tests/mv/vulnerable-target.sh
index 99240346bf8e808324e66957b2a2349ccfc403e1..49ee363c6914fa8f32b01a4ceaf808fe5d2f46bd 100755 (executable)
--- a/tests/mv/vulnerable-target.sh
+++ b/tests/mv/vulnerable-target.sh
@@ -25,7 +25,7 @@ mkdir -m a+rwx risky || framework_failure_
 mkdir risky/d || framework_failure_
 echo foo >foo || framework_failure_
 
-mv foo risky/d && fail=1
+returns_ 1 mv foo risky/d || fail=1
 mv foo risky/d/ || fail=1
 mv risky/d/foo . || fail=1
 mv -t risky/d foo || fail=1