rpms / xdg-utils

Clone
Source Code
GIT

Blame SOURCES/CVE-2017-18266.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   aca8a11e6e7844956121df8059de07c3dec4f6a0
  2.   SOURCES
  3.   CVE-2017-18266.patch
Blob History Raw
aca8a1 
From ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb Mon Sep 17 00:00:00 2001
aca8a1 
From: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
aca8a1 
Date: Mon, 19 Mar 2018 22:09:00 +0100
aca8a1 
Subject: [PATCH] Avoid argument injection vulnerability in open_envvar()
aca8a1
aca8a1 
---
aca8a1 
 scripts/xdg-open.in | 10 +++++++++-
aca8a1 
 1 file changed, 9 insertions(+), 1 deletion(-)
aca8a1
aca8a1 
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
aca8a1 
index 2972257..021524b 100644
aca8a1 
--- a/scripts/xdg-open.in
aca8a1 
+++ b/scripts/xdg-open.in
aca8a1 
@@ -351,6 +351,11 @@ open_generic_xdg_x_scheme_handler()
aca8a1 
     fi
aca8a1 
 }
aca8a1
aca8a1 
+has_single_argument()
aca8a1 
+{
aca8a1 
+  test $# = 1
aca8a1 
+}
aca8a1 
+
aca8a1 
 open_envvar()
aca8a1 
 {
aca8a1 
     local oldifs="$IFS"
aca8a1 
@@ -365,7 +370,10 @@ open_envvar()
aca8a1 
         fi
aca8a1
aca8a1 
         if echo "$browser" | grep -q %s; then
aca8a1 
-            $(printf "$browser" "$1")
aca8a1 
+            # Avoid argument injection.
aca8a1 
+            # See https://bugs.freedesktop.org/show_bug.cgi?id=103807
aca8a1 
+            # URIs don't have IFS characters spaces anyway.
aca8a1 
+            has_single_argument $1 && $(printf "$browser" "$1")
aca8a1 
         else
aca8a1 
             $browser "$1"
aca8a1 
         fi
aca8a1 
--
aca8a1 
2.17.1
aca8a1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation