| Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 1 | From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 |
| 2 | From: Andreas Gruenbacher <agruen@gnu.org> |
| 3 | Date: Fri, 6 Apr 2018 19:36:15 +0200 |
| 4 | Subject: [PATCH] Invoke ed directly instead of using the shell |
| 5 | |
| 6 | * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell |
| 7 | command to avoid quoting vulnerabilities. |
| 8 | |
| Brad Bishop | 1d80a2e | 2019-11-15 16:35:03 -0500 | [diff] [blame^] | 9 | CVE: CVE-2019-13638 CVE-2018-20969 |
| 10 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] |
| Brad Bishop | 08902b0 | 2019-08-20 09:16:51 -0400 | [diff] [blame] | 11 | Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> |
| 12 | |
| 13 | --- |
| 14 | src/pch.c | 6 ++---- |
| 15 | 1 file changed, 2 insertions(+), 4 deletions(-) |
| 16 | |
| 17 | |
| 18 | diff --git a/src/pch.c b/src/pch.c |
| 19 | index 4fd5a05..16e001a 100644 |
| 20 | --- a/src/pch.c |
| 21 | +++ b/src/pch.c |
| 22 | @@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, |
| 23 | *outname_needs_removal = true; |
| 24 | copy_file (inname, outname, 0, exclusive, instat.st_mode, true); |
| 25 | } |
| 26 | - sprintf (buf, "%s %s%s", editor_program, |
| 27 | - verbosity == VERBOSE ? "" : "- ", |
| 28 | - outname); |
| 29 | fflush (stdout); |
| 30 | |
| 31 | pid = fork(); |
| 32 | @@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, |
| 33 | else if (pid == 0) |
| 34 | { |
| 35 | dup2 (tmpfd, 0); |
| 36 | - execl ("/bin/sh", "sh", "-c", buf, (char *) 0); |
| 37 | + assert (outname[0] != '!' && outname[0] != '-'); |
| 38 | + execlp (editor_program, editor_program, "-", outname, (char *) NULL); |
| 39 | _exit (2); |
| 40 | } |
| 41 | else |
| 42 | -- |
| 43 | 2.7.4 |
| 44 | |