| From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 |
| From: Andreas Gruenbacher <agruen@gnu.org> |
| Date: Fri, 6 Apr 2018 19:36:15 +0200 |
| Subject: [PATCH] Invoke ed directly instead of using the shell |
| |
| * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell |
| command to avoid quoting vulnerabilities. |
| |
| CVE: CVE-2019-13638 CVE-2018-20969 |
| Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] |
| Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> |
| |
| --- |
| src/pch.c | 6 ++---- |
| 1 file changed, 2 insertions(+), 4 deletions(-) |
| |
| |
| diff --git a/src/pch.c b/src/pch.c |
| index 4fd5a05..16e001a 100644 |
| --- a/src/pch.c |
| +++ b/src/pch.c |
| @@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, |
| *outname_needs_removal = true; |
| copy_file (inname, outname, 0, exclusive, instat.st_mode, true); |
| } |
| - sprintf (buf, "%s %s%s", editor_program, |
| - verbosity == VERBOSE ? "" : "- ", |
| - outname); |
| fflush (stdout); |
| |
| pid = fork(); |
| @@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, |
| else if (pid == 0) |
| { |
| dup2 (tmpfd, 0); |
| - execl ("/bin/sh", "sh", "-c", buf, (char *) 0); |
| + assert (outname[0] != '!' && outname[0] != '-'); |
| + execlp (editor_program, editor_program, "-", outname, (char *) NULL); |
| _exit (2); |
| } |
| else |
| -- |
| 2.7.4 |
| |