From 726b25769717e3378323374189b6cee4f6b0530b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 24 Feb 2012 11:16:25 +0100
Subject: [PATCH] filter allowed chroots: only -dchroot matching names are
 acceptable

---
 apt-in-chroot | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/apt-in-chroot b/apt-in-chroot
index cdf8395..0702a00 100755
--- a/apt-in-chroot
+++ b/apt-in-chroot
@@ -55,12 +55,14 @@ if [ -x /usr/bin/dchroot ] ; then
 	chroots=$(dchroot -l 2>&1 | awk -F": " '{print $2}' | tr ' ' '\n')
 	method=dchroot
 	suffix[${#suffix[*]}]="_$(dpkg --print-architecture)"
+	allowed_filter='.'
 elif [ -x /usr/bin/schroot ] ; then
 	chroots=$(schroot -l | awk -F":" '{print $2}' | grep -- '-dchroot$' )
 	method=schroot
 	suffix[${#suffix[*]}]=""
 	suffix[${#suffix[*]}]="-dchroot"
 	suffix[${#suffix[*]}]="-$(dpkg --print-architecture)-dchroot"
+	allowed_filter='-dchroot$'
 else
 	echo >&2 "Cannot find chroot wrapper."
 	exit 1
@@ -79,8 +81,12 @@ if ! [ -n "$requested_chroot" ]; then
 	echo >&2 "$CHROOT is not a valid dchroot.  Available chroots are:"
 	echo "$chroots"
 	exit 1
+elif ! [[ "$requested_chroot" =~ $allowed_filter ]]; then  # do not quote the regex
+	echo >&2 "$CHROOT is not a valid dchroot.  While it exists, this script may not touch it.  Chroot names must match $allowed_filter."
+	exit 1
 fi
 
+
 case "$APTCMD" in
 install|remove|purge|build-dep|update|upgrade|dist-upgrade)
 	# those are the allowed apt sub-commands
-- 
2.30.2