diff mbox series

[kirkstone,27/28] create-spdx: handle links to inaccessible locations

Message ID 9661656987e547290cecb94cbf9b34335ae9d903.1661293746.git.steve@sakoman.com
State Accepted, archived
Commit 9661656987e547290cecb94cbf9b34335ae9d903
Headers show
Series [kirkstone,01/28] libtiff: CVE-2022-34526 A stack overflow was discovered | expand

Commit Message

Steve Sakoman Aug. 23, 2022, 10:35 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

When a link is pointing to location inaccessible to build user (e.g. "/root/something"),
filepath.is_file() throws "PermissionError: [Errno 13] Permission denied".
Fix this by first checking if it is a link.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e105befbe4ee0d85e94c2048a744f0373e2dbcdf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/create-spdx.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index ae484328fb..d735f20c20 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -210,7 +210,7 @@  def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv
             filepath = Path(subdir) / file
             filename = str(filepath.relative_to(topdir))
 
-            if filepath.is_file() and not filepath.is_symlink():
+            if not filepath.is_symlink() and filepath.is_file():
                 spdx_file = oe.spdx.SPDXFile()
                 spdx_file.SPDXID = get_spdxid(file_counter)
                 for t in get_types(filepath):