| 1 | From 369dcccdfa6336e5a873d6d63705cfbe04c55727 Mon Sep 17 00:00:00 2001 |
| 2 | From: Jean Delvare <jdelvare@suse.de> |
| 3 | Date: Mon, 7 May 2018 15:14:45 +0200 |
| 4 | Subject: Don't leak temporary file on failed multi-file ed-style patch |
| 5 | |
| 6 | The previous fix worked fine with single-file ed-style patches, but |
| 7 | would still leak temporary files in the case of multi-file ed-style |
| 8 | patch. Fix that case as well, and extend the test case to check for |
| 9 | it. |
| 10 | |
| 11 | * src/patch.c (main): Unlink TMPEDNAME if needed before moving to |
| 12 | the next file in a patch. |
| 13 | |
| 14 | This closes bug #53820: |
| 15 | https://savannah.gnu.org/bugs/index.php?53820 |
| 16 | |
| 17 | Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)") |
| 18 | Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch") |
| 19 | |
| 20 | Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727] |
| 21 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> |
| 22 | --- |
| 23 | src/patch.c | 1 + |
| 24 | tests/ed-style | 31 +++++++++++++++++++++++++++++++ |
| 25 | 2 files changed, 32 insertions(+) |
| 26 | |
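diff --git a/src/patch.c b/src/patch.c
index 9146597..81c7a02 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -236,6 +236,7 @@ main (int argc, char **argv)
 }
 remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
 }
+ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
 
 if (! skip_rest_of_patch && ! file_type)
 {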
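Review bot: The added `remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);` carries no comment explaining why the ed-script temporary file is dropped once per target file rather than only at exit, which is the whole point of the fix. I would put `/* Drop the ed script temp file before the next file in the patch, so a failure there cannot leave it behind. */` directly above it. Going by the referenced CVE-2018-1000156 fix, that file presumably holds script text taken from the patch input, so a leftover copy in the temp directory is worth avoiding; confirm against the code that creates it. main's body starts and ends outside this hunk, so the other exit paths are not visible here.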
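diff --git a/tests/ed-style b/tests/ed-style
index 6b6ef9d..504e6e5 100644
--- a/tests/ed-style
+++ b/tests/ed-style
@@ -38,3 +38,34 @@ EOF
 check 'cat foo' <<EOF
 foo
 EOF
+
+# Test the case where one ed-style patch modifies several files
+
+cat > ed3.diff <<EOF
+--- foo
++++ foo
+1c
+bar
+.
+--- baz
++++ baz
+0a
+baz
+.
+EOF
+
+# Apparently we can't create a file with such a patch, while it works fine
+# when the file name is provided on the command line
+cat > baz <<EOF
+EOF
+
+check 'patch -e -i ed3.diff' <<EOF
+EOF
+
+check 'cat foo' <<EOF
+bar
+EOF
+
+check 'cat baz' <<EOF
+baz
+EOF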
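Review bot: The new case applies ed3.diff successfully to both foo and baz, so it does not exercise the failure path named in the subject line, and none of the added `check` calls asserts that no temporary file is left behind. Unless the harness already verifies the temporary directory elsewhere (not visible in this hunk), this test would pass with or without the src/patch.c change. A second case in which a later file fails, followed by a check that the temporary directory holds no leftover ed script, would pin the fix. The comment `# Apparently we can't create a file with such a patch` could also say whether that is intended behaviour or a known limitation.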
| 78 | -- |
| 79 | cgit v1.0-41-gc330 |
| 80 | |