rpms / patch

Clone
Source Code
GIT

Blame SOURCES/patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c9
  2.   SOURCES
  3.   patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch
Blob History Raw
0a6a4f 
commit 3fcd042d26d70856e826a42b5f93dc4854d80bf0
0a6a4f 
Author: Andreas Gruenbacher <agruen@gnu.org>
0a6a4f 
Date:   Fri Apr 6 19:36:15 2018 +0200
0a6a4f
0a6a4f 
    Invoke ed directly instead of using the shell
0a6a4f
0a6a4f 
    * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
0a6a4f 
    command to avoid quoting vulnerabilities.
0a6a4f
0a6a4f 
diff --git a/src/pch.c b/src/pch.c
0a6a4f 
index 4fd5a05..16e001a 100644
0a6a4f 
--- a/src/pch.c
0a6a4f 
+++ b/src/pch.c
0a6a4f 
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
0a6a4f 
 	    *outname_needs_removal = true;
0a6a4f 
 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
0a6a4f 
 	  }
0a6a4f 
-	sprintf (buf, "%s %s%s", editor_program,
0a6a4f 
-		 verbosity == VERBOSE ? "" : "- ",
0a6a4f 
-		 outname);
0a6a4f 
 	fflush (stdout);
0a6a4f
0a6a4f 
 	pid = fork();
0a6a4f 
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
0a6a4f 
 	else if (pid == 0)
0a6a4f 
 	  {
0a6a4f 
 	    dup2 (tmpfd, 0);
0a6a4f 
-	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
0a6a4f 
+	    assert (outname[0] != '!' && outname[0] != '-');
0a6a4f 
+	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
0a6a4f 
 	    _exit (2);
0a6a4f 
 	  }
0a6a4f 
 	else

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation