Blame SOURCES/patch-2.7.6-CVE-2018-20969.patch
|
|
f13c65 |
diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c
|
|
|
f13c65 |
--- patch-2.7.6/src/pch.c.CVE-2018-20969 2019-09-02 15:40:09.087994204 +0200
|
|
|
f13c65 |
+++ patch-2.7.6/src/pch.c 2019-09-02 15:42:23.486485786 +0200
|
|
|
f13c65 |
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
|
|
|
f13c65 |
*outname_needs_removal = true;
|
|
|
f13c65 |
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
|
|
f13c65 |
}
|
|
|
f13c65 |
- sprintf (buf, "%s %s%s", editor_program,
|
|
|
f13c65 |
- verbosity == VERBOSE ? "" : "- ",
|
|
|
f13c65 |
- outname);
|
|
|
f13c65 |
fflush (stdout);
|
|
|
f13c65 |
|
|
|
f13c65 |
pid = fork();
|
|
|
f13c65 |
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
|
|
|
f13c65 |
else if (pid == 0)
|
|
|
f13c65 |
{
|
|
|
f13c65 |
dup2 (tmpfd, 0);
|
|
|
f13c65 |
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
|
|
|
f13c65 |
+ assert (outname[0] != '!' && outname[0] != '-');
|
|
|
f13c65 |
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
|
|
|
f13c65 |
_exit (2);
|
|
|
f13c65 |
}
|
|
|
f13c65 |
else
|