SHA256
1
0
forked from pool/patch
patch/ed-style-04-invoke-ed-directly.patch
Jean Delvare 113fbdee3e Fix CVE-2018-1000156 (bsc#1088420, savannah#53566).
- ed-style-01-missing-input-files.patch: Allow input files to be
  missing for ed-style patches.
- ed-style-02-fix-arbitrary-command-execution.patch,
  ed-style-03-update-test-Makefile.patch: Fix arbitrary command
  execution in ed-style patches.
- ed-style-04-invoke-ed-directly.patch: Invoke ed directly instead
  of using the shell.
- ed-style-05-minor-cleanups.patch: Minor cleanups in do_ed_script.
- ed-style-06-fix-test-failure.patch: Fix 'ed-style' test failure.

OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=58
2018-04-18 08:58:17 +00:00

36 lines
1.1 KiB
Diff

From: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri, 6 Apr 2018 19:36:15 +0200
Subject: Invoke ed directly instead of using the shell
Git-commit: 3fcd042d26d70856e826a42b5f93dc4854d80bf0
Patch-mainline: yes
References: bsc#1088420, savannah#53566, CVE-2018-1000156
* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
command to avoid quoting vulnerabilities.
---
src/pch.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/src/pch.c
+++ b/src/pch.c
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
*outname_needs_removal = true;
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
}
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
fflush (stdout);
pid = fork();
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
else if (pid == 0)
{
dup2 (tmpfd, 0);
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ assert (outname[0] != '!' && outname[0] != '-');
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
_exit (2);
}
else