rpms / xdg-utils

Clone
Source Code
GIT

Blame SOURCES/CVE-2017-18266.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   62ab29c32e8185634eb09f88d281e935eb9deca8
  2.   SOURCES
  3.   CVE-2017-18266.patch
Blob History Raw
62ab29 
From ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb Mon Sep 17 00:00:00 2001
62ab29 
From: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
62ab29 
Date: Mon, 19 Mar 2018 22:09:00 +0100
62ab29 
Subject: [PATCH] Avoid argument injection vulnerability in open_envvar()
62ab29
62ab29 
---
62ab29 
 scripts/xdg-open.in | 10 +++++++++-
62ab29 
 1 file changed, 9 insertions(+), 1 deletion(-)
62ab29
62ab29 
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
62ab29 
index 2972257..021524b 100644
62ab29 
--- a/scripts/xdg-open.in
62ab29 
+++ b/scripts/xdg-open.in
62ab29 
@@ -351,6 +351,11 @@ open_generic_xdg_x_scheme_handler()
62ab29 
     fi
62ab29 
 }
62ab29
62ab29 
+has_single_argument()
62ab29 
+{
62ab29 
+  test $# = 1
62ab29 
+}
62ab29 
+
62ab29 
 open_envvar()
62ab29 
 {
62ab29 
     local oldifs="$IFS"
62ab29 
@@ -365,7 +370,10 @@ open_envvar()
62ab29 
         fi
62ab29
62ab29 
         if echo "$browser" | grep -q %s; then
62ab29 
-            $(printf "$browser" "$1")
62ab29 
+            # Avoid argument injection.
62ab29 
+            # See https://bugs.freedesktop.org/show_bug.cgi?id=103807
62ab29 
+            # URIs don't have IFS characters spaces anyway.
62ab29 
+            has_single_argument $1 && $(printf "$browser" "$1")
62ab29 
         else
62ab29 
             $browser "$1"
62ab29 
         fi
62ab29 
--
62ab29 
2.17.1
62ab29

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation