From fc7741c79a84b90100c5e5672408effcdf7c6a92 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Fri, 2 Feb 2018 16:41:39 +0000 Subject: [PATCH] Bug fixing in scripts --- scripts/built-by.sh | 8 +++++--- scripts/hardened.sh | 6 +++--- scripts/run-on-binaries-in.sh | 22 ++++++---------------- 3 files changed, 14 insertions(+), 22 deletions(-) diff --git a/scripts/built-by.sh b/scripts/built-by.sh index b554697..a6fb7d6 100755 --- a/scripts/built-by.sh +++ b/scripts/built-by.sh @@ -456,7 +456,7 @@ scan_file () # FIXME: If we have a new enough version of readelf we could add the # --debug-dump=follow-links option to cope with separate debug info files.. - $scanner --wide --debug-dump=info $file | grep -e DW_AT_producer > $tmpfile + $scanner --wide --debug-dump=info $file 2>&1 | grep -e DW_AT_producer > $tmpfile eval 'builder=($(grep -e GNU $tmpfile))' if [ ${#builder[*]} -ge 11 ]; @@ -486,7 +486,8 @@ scan_file () # FIXME: We are using assumed knowledge of the layout of the builder comment. if [ ${#builder[*]} -lt 5 ]; then - if [ $ignore_unknown -eq 0 ]; then + if [ $ignore_unknown -eq 0 ]; + then verbose "$file: could not parse .comment section" report "$file: creator unknown" failed=1 @@ -498,7 +499,8 @@ scan_file () date_index=5 builder[2]="${builder[2]} ${builder[3]}" else - if [ $ignore_unknown -eq 0 ]; then + if [ $ignore_unknown -eq 0 ]; + then report "$file: creator unknown" failed=1 fi diff --git a/scripts/hardened.sh b/scripts/hardened.sh index 26d91cc..9a4b53f 100755 --- a/scripts/hardened.sh +++ b/scripts/hardened.sh 
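Review bot: The added `2>&1` on the `$scanner --wide --debug-dump=info $file` line in scan_file puts the scanner's warnings and errors into the same stream that is filtered into $tmpfile and then word-split into `builder`, so a diagnostic line that happens to mention DW_AT_producer would be parsed as a producer record. If the aim is only to keep scanner noise off the terminal, `2>/dev/null` does that without mixing diagnostics into the parsed data. `$file` and `$tmpfile` are also unquoted here, so a path with whitespace or glob characters is split before the scanner sees it. The line could read `$scanner --wide --debug-dump=info "$file" 2>/dev/null | grep -e DW_AT_producer > "$tmpfile"`. scan_file starts and ends outside the hunk.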
@@ -632,7 +632,7 @@ check_for_stack_protector () # DW_AT_producer : (indirect string, offset: 0x0): GNU C11 6.3.1 20161221 (Red Hat 6.3.1-1) -fstack-proector-strong # into: # strong - eval hard=($(gawk -e 'BEGIN { FPAT = "-f[no-]*stack-protector[^ ]*" } /f/ { print substr ($1,19) ; }' $tmpfile | sort | uniq)) + eval hard=($(gawk 'BEGIN { FPAT = "-f[no-]*stack-protector[^ ]*" } /f/ { print substr ($1,19) ; }' $tmpfile | sort | uniq)) verbose "DW_AT_producer stack records: ${hard[*]}" fi @@ -697,7 +697,7 @@ check_for_pie_or_pic () # DW_AT_producer : (indirect string, offset: 0x0): GNU C11 6.3.1 20161221 (Red Hat 6.3.1-1) -g -O2 -fPIC # into: # PIC - eval hard=($(gawk -e 'BEGIN { FPAT = "-f[pP][iI][cCeE]" } /f/ { print substr ($1,3) ; }' $tmpfile | sort -u)) + eval hard=($(gawk 'BEGIN { FPAT = "-f[pP][iI][cCeE]" } /f/ { print substr ($1,3) ; }' $tmpfile | sort -u)) verbose "DW_AT_producer records: ${hard[*]}" fi @@ -764,7 +764,7 @@ check_optimization_level () # DW_AT_producer : (indirect string, offset: 0x0): GNU C11 6.3.1 20161221 (Red Hat 6.3.1-1) -g -O2 -fPIC # into: # 2 - eval hard=($(gawk -e 'BEGIN { FPAT = "-O[0123]" } /O[0123]/ { print substr ($1,3,1) ; }' $tmpfile | sort -u)) + eval hard=($(gawk 'BEGIN { FPAT = "-O[0123]" } /O[0123]/ { print substr ($1,3,1) ; }' $tmpfile | sort -u)) verbose "DW_AT_producer records: ${hard[*]}" diff --git a/scripts/run-on-binaries-in.sh b/scripts/run-on-binaries-in.sh index b023e15..0e34752 100755 --- a/scripts/run-on-binaries-in.sh +++ b/scripts/run-on-binaries-in.sh @@ -38,7 +38,7 @@ help () This is a shell script to run another script/program on one or more binary files. If the file(s) specified are archives of some kind (including rpms) -then the script/program is run on the binary excecutables inside the archive. +then the script/program is run on the binary executables inside the archive. Usage: $prog {options} program {options-for-the-program} files(s) 
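Review bot: In check_for_stack_protector the argument to `eval hard=($(gawk ...))` is unquoted, so the command substitution is expanded first and eval then parses gawk's output a second time as shell text. That output is cut from the DW_AT_producer string of the file being checked, and the pattern's tail `[^ ]*` accepts any non-space characters; dropping `-e` leaves this unchanged. Limiting the tail to the characters option names use, `FPAT = "-f[no-]*stack-protector[-a-z]*"`, keeps shell metacharacters out of the evaluated text. The same unquoted eval and unquoted `$tmpfile` appear in the check_for_pie_or_pic and check_optimization_level hunks, where the patterns `-f[pP][iI][cCeE]` and `-O[0123]` already bound the output. All three functions extend beyond their hunks.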
@@ -47,7 +47,7 @@ Usage: $prog {options} program {options-for-the-program} files(s) -v --version Report the version number of this script. -V --verbose Report on progress. -q --quiet Do not include the script name in the output. - -i --ignore Silently ignore files that are not exectuables or archives. + -i --ignore Silently ignore files that are not executables or archives. -p= --prefix= Prefix normal output with this string. -t= --tmpdir= Temporary directory to use when opening archives. -f= --files-from= Process files listed in . @@ -109,16 +109,6 @@ report () echo ${1+"$@"} } -report_n () -{ - if [ $quiet -eq 0 ]; - then - echo -n $prog": " - fi - - echo -n ${1+"$@"} -} - ice () { report "Internal error: " ${1+"$@"} @@ -417,7 +407,7 @@ decompress () fail "$orig_file: Unable to decompress" fi - rm $base_file + rm -f $base_file } run_on_file () @@ -502,7 +492,7 @@ run_on_file () verbose "$file: ELF format - running script/program" if test "x$prefix" != "x" ; then - report_n "$prefix: " + report "$prefix:" fi run $script $script_opts $file return @@ -592,7 +582,7 @@ run_on_file () # Run the file type switch again, although this time we do not need to # check for unrecognised types. (But we do, just in case...) - # Note since are transforming the file we reinvoke the run-on-binaries + # Note since are transforming the file we re-invoke the run-on-binaries # script on the decoded contents. This allows for archives that contain # other archives, and so on. We normally pass the -i option to the # invoked script so that it will not complain about unrecognised files in @@ -659,7 +649,7 @@ run_on_file () decompress $abs_file xz "--quiet --decompress" $file ;; *) - ice "unahndled file type: $file_type" + ice "unhandled file type: $file_type" ;; esac -- 2.43.5
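Review bot: `rm -f $base_file` in decompress leaves the name unquoted, and with `-f` a removal that fails or hits the wrong path no longer reports anything. The name appears to derive from the file being unpacked (its assignment is outside the hunk), so a value with whitespace, glob characters or a leading dash would be split or read as options. `rm -f -- "$base_file"` removes exactly that one path. decompress starts outside the hunk.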
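Review bot: Replacing `report_n "$prefix: "` with `report "$prefix:"` in run_on_file ends the prefix with a newline, so it is now printed on a line of its own instead of in front of the program's first output line. The help text in this file still describes -p as "Prefix normal output with this string", which no longer matches that behaviour. A comment above the call, such as `# The prefix is emitted as a separate line ahead of the program's output.`, and matching wording in help () would keep the two in step. run_on_file extends beyond the hunk.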