From 52edf8e99d0adf249d65f150e40cd7cdc49dd5a0 Mon Sep 17 00:00:00 2001
From: Andrew Robbins <contact@andrewrobbins.info>
Date: Wed, 19 Jul 2017 20:54:23 -0400
Subject: Avoid exploiting local variables' dynamic scoping

Local variables 'epoch_path' and 'rnd_seed_path' are moved from
libreboot_setup_variables() to
libreboot_setup_reproducible_builds_variables() in order to keep
things more-or-less lexical in the source code (local variables in
Bash are dynamic in scope).
---
 libreboot | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'libreboot')

diff --git a/libreboot b/libreboot
index bb6e4141..4c00b65e 100755
--- a/libreboot
+++ b/libreboot
@@ -154,8 +154,6 @@ libreboot_setup_include() {
 libreboot_setup_variables() {
 	local vboot_tools_path="$(project_install_path 'vboot' 'tools')"
 	local version_path="${root}/${DOTVERSION}"
-	local epoch_path="${root}/${DOTEPOCH}"
-	local rnd_seed_path="${root}/${DOTRNDSEED}"
 
 	if [[ -z "${VERSION}" ]]; then
 		if git_check "${root}"; then
@@ -175,6 +173,9 @@ libreboot_setup_variables() {
 }
 
 libreboot_setup_reproducible_builds_variables() {
+	local epoch_path="${root}/${DOTEPOCH}"
+	local rnd_seed_path="${root}/${DOTRNDSEED}"
+
 	# Used by GCC, e.g., -frandom-seed="${RANDOM_SEED}"
 	if [[ -z "${RANDOM_SEED}" ]]; then
 		if [[ -f "${rnd_seed_path}" ]]; then
-- 
cgit v1.2.3-70-g09d2