Skip to content

Commit bd8dac8

Browse files
erickterickt
committed
rustup: rewrite to protect against truncation
This closes #19168. It's possible that if the downloading of `rustup.sh` is interrupted, bad things could happen, such as running a naked "rm -rf /" instead of "rm -rf /path/to/tmpdir". This wraps rustup.sh's functionality in a function that gets called at the last time that should protect us from these truncation errors.
1 parent 8ca8e6f commit bd8dac8

File tree

1 file changed

+28
-18
lines changed

1 file changed

+28
-18
lines changed

src/etc/rustup.sh

Lines changed: 28 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -455,27 +455,37 @@ install_package() {
455455
fi
456456
}
457457

458-
rm -Rf "${CFG_TMP_DIR}"
459-
need_ok "failed to remove temporary installation directory"
458+
# It's possible that curl could be interrupted partway though downloading
459+
# `rustup.sh`, truncating the file. This could be especially bad if we were in
460+
# the middle of a line that would run "rm -rf ". To protect against this, we
461+
# wrap up the `rustup.sh` destructive functionality in this helper function,
462+
# which we call as the last thing we do. This means we will not do anything
463+
# unless we have the entire file downloaded.
464+
install_packages() {
465+
rm -Rf "${CFG_TMP_DIR}"
466+
need_ok "failed to remove temporary installation directory"
460467

461-
mkdir -p "${CFG_TMP_DIR}"
462-
need_ok "failed to create create temporary installation directory"
463-
464-
download_and_extract_package \
465-
"${RUST_URL}" \
466-
"${RUST_TARBALL_NAME}"
468+
mkdir -p "${CFG_TMP_DIR}"
469+
need_ok "failed to create create temporary installation directory"
467470

468-
if [ -z "${CFG_DISABLE_CARGO}" ]; then
469471
download_and_extract_package \
470-
"${CARGO_URL}" \
471-
"${CARGO_TARBALL_NAME}"
472-
fi
472+
"${RUST_URL}" \
473+
"${RUST_TARBALL_NAME}"
473474

474-
install_package "${RUST_LOCAL_INSTALL_SCRIPT}"
475+
if [ -z "${CFG_DISABLE_CARGO}" ]; then
476+
download_and_extract_package \
477+
"${CARGO_URL}" \
478+
"${CARGO_TARBALL_NAME}"
479+
fi
475480

476-
if [ -z "${CFG_DISABLE_CARGO}" ]; then
477-
install_package "${CARGO_LOCAL_INSTALL_SCRIPT}"
478-
fi
481+
install_package "${RUST_LOCAL_INSTALL_SCRIPT}"
482+
483+
if [ -z "${CFG_DISABLE_CARGO}" ]; then
484+
install_package "${CARGO_LOCAL_INSTALL_SCRIPT}"
485+
fi
486+
487+
rm -Rf "${CFG_TMP_DIR}"
488+
need_ok "couldn't rm temporary installation directory"
489+
}
479490

480-
rm -Rf "${CFG_TMP_DIR}"
481-
need_ok "couldn't rm temporary installation directory"
491+
install_packages

0 commit comments

Comments
 (0)