jeans/motioneyeos
jeans/motioneyeos
1
0
Fork 0
mirror of https://github.com/motioneye-project/motioneyeos.git synced 2025-07-28 13:46:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

package/patch: fix CVE-2018-20969

Browse Source 
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings
beginning with a ! character. NOTE: this is the same commit as for
CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to
a shell metacharacter.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Fabrice Fontaine 2020-03-03 20:47:01 +01:00 committed by Thomas Petazzoni
parent 1a953aac95
commit 0835550ce9
2 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
package/patch/0004-Invoke-ed-directly-instead-of-using-the-shell.patch Normal file
View File

@ -0,0 +1,41 @@
From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri, 6 Apr 2018 19:36:15 +0200
Subject: Invoke ed directly instead of using the shell
* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
command to avoid quoting vulnerabilities.
[Retrieved from:
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/pch.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/pch.c b/src/pch.c
index 4fd5a05..16e001a 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
*outname_needs_removal = true;
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
}
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
fflush (stdout);
pid = fork();
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
else if (pid == 0)
{
dup2 (tmpfd, 0);
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ assert (outname[0] != '!' && outname[0] != '-');
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
_exit (2);
}
else
--
cgit v1.2.1

3
package/patch/patch.mk
View File

@ -16,6 +16,9 @@ PATCH_IGNORE_CVES += CVE-2018-6951
# 0003-Fix-arbitrary-command-execution-in-ed-style-patches-.patch # 0003-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
PATCH_IGNORE_CVES += CVE-2018-1000156 PATCH_IGNORE_CVES += CVE-2018-1000156
# 0004-Invoke-ed-directly-instead-of-using-the-shell.patch
PATCH_IGNORE_CVES += CVE-2018-20969
ifeq ($(BR2_PACKAGE_ATTR),y) ifeq ($(BR2_PACKAGE_ATTR),y)
PATCH_CONF_OPTS += --enable-xattr PATCH_CONF_OPTS += --enable-xattr
PATCH_DEPENDENCIES += attr PATCH_DEPENDENCIES += attr