| Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame^] | 1 | From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001 |
| 2 | From: Andreas Gruenbacher <agruen@gnu.org> |
| 3 | Date: Mon, 12 Feb 2018 16:48:24 +0100 |
| 4 | Subject: [PATCH] Fix segfault with mangled rename patch |
| 5 | |
| 6 | http://savannah.gnu.org/bugs/?53132 |
| 7 | * src/pch.c (intuit_diff_type): Ensure that two filenames are specified |
| 8 | for renames and copies (fix the existing check). |
| 9 | |
| 10 | Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a] |
| 11 | CVE: CVE-2018-6951 |
| 12 | |
| 13 | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> |
| 14 | |
| 15 | --- |
| 16 | src/pch.c | 3 ++- |
| 17 | 1 file changed, 2 insertions(+), 1 deletion(-) |
| 18 | |
| 19 | diff --git a/src/pch.c b/src/pch.c |
| 20 | index ff9ed2c..bc6278c 100644 |
| 21 | --- a/src/pch.c |
| 22 | +++ b/src/pch.c |
| 23 | @@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) |
| 24 | if ((pch_rename () || pch_copy ()) |
| 25 | && ! inname |
| 26 | && ! ((i == OLD || i == NEW) && |
| 27 | - p_name[! reverse] && |
| 28 | + p_name[reverse] && p_name[! reverse] && |
| 29 | + name_is_valid (p_name[reverse]) && |
| 30 | name_is_valid (p_name[! reverse]))) |
| 31 | { |
| 32 | say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); |
| 33 | -- |
| 34 | 2.7.4 |
| 35 | |