Last change on this file since a0f4bc8 was 69cde8d, checked in by Jim Gifford <clfs@…>, 19 years ago

Added: All patches needed for the book.

Property mode set to 100644

File size: 1.2 KB
Rev | Line | |
---|
[69cde8d] | 1 | Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
|
---|
| 2 | Date: 2005-08-09
|
---|
| 3 | Initial Package Version: 1.0.3
|
---|
| 4 | Upstream Status: Unknown.
|
---|
| 5 | Origin: Jyri Ryska (RedHat) for fedora3
|
---|
| 6 | Description: Fixes filename sanitisation in bzgrep.
|
---|
| 7 | This fixes CAN-2005-0758 (if a user can be tricked into running
|
---|
| 8 | bzgrep in an untrusted directory containing files with carefully
|
---|
| 9 | crafted filenames, arbitrary commands could be executed as the user
|
---|
| 10 | running bzgrep). Risk is reported as low. I've modified it to force
|
---|
| 11 | the interpreter to be bash, some of the other shells in use won't
|
---|
| 12 | like the bash syntax.
|
---|
| 13 |
|
---|
| 14 | diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep
|
---|
| 15 | --- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100
|
---|
| 16 | +++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100
|
---|
| 17 | @@ -1,4 +1,4 @@
|
---|
| 18 | -#!/bin/sh
|
---|
| 19 | +#!/bin/bash
|
---|
| 20 |
|
---|
| 21 | # Bzgrep wrapped for bzip2,
|
---|
| 22 | # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux.
|
---|
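Review bot: Hard-coding `#!/bin/bash` on the first line makes bzgrep fail wherever bash is absent or installed at another path, and the only bash-specific construct the patch needs is the `${i//...}` substitution in the second hunk. Consider keeping `#!/bin/sh` and doing the escaping with a portable sed call, for example `j=$(printf '%s' "$i" | sed 's/[\\|&]/\\&/g')`, or at least add a comment beside the shebang saying why bash is required.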
| 23 | @@ -63,7 +63,11 @@
|
---|
| 24 | bzip2 -cdfq "$i" | $grep $opt "$pat"
|
---|
| 25 | r=$?
|
---|
| 26 | else
|
---|
| 27 | - bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|"
|
---|
| 28 | + j=${i//\\/\\\\}
|
---|
| 29 | + j=${j//|/\\|}
|
---|
| 30 | + j=${j//&/\\&}
|
---|
| 31 | + j=`printf "%s" "$j" | tr '\n' ' '`
|
---|
| 32 | + bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
|
---|
| 33 | r=$?
|
---|
| 34 | fi
|
---|
| 35 | test "$r" -ne 0 && res="$r"
|
---|
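Review bot: `r=$?` on the context line after the new `sed "s|^|${j}:|"` pipeline still records sed's exit status rather than grep's, so in this else branch a no-match or error from grep is reported as 0, unlike the branch above it where the pipeline ends in `$grep`. Since the script now requires bash, `r=${PIPESTATUS[1]}` would carry grep's status instead. The three `j=${...}` lines also deserve a short comment stating that backslash, the `|` delimiter and `&` are the characters special in a sed replacement, and that the backslash substitution has to stay first so the backslashes added by the later two lines are not doubled.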