source: patches/bzip2-1.0.3-bzgrep_security-1.patch@ d4b9e928

Last change on this file since d4b9e928 was 69cde8d, checked in by Jim Gifford <clfs@…>, 19 years ago

Added: All patches needed for the book.

  • Property mode set to 100644
File size: 1.2 KB
Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
Date: 2005-08-09
Initial Package Version: 1.0.3
Upstream Status: Unknown.
Origin: Jyri Ryska (RedHat) for fedora3
Description: Fixes filename sanitisation in bzgrep.
 This fixes CAN-2005-0758 (if a user can be tricked into running
bzgrep in an untrusted directory containing files with carefully
crafted filenames, arbitrary commands could be executed as the user
running bzgrep). Risk is reported as low. I've modified it to force
the interpreter to be bash, some of the other shells in use won't
like the bash syntax.

14diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep
15--- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100
16+++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100
17@@ -1,4 +1,4 @@
18-#!/bin/sh
19+#!/bin/bash
20
21 # Bzgrep wrapped for bzip2,
22 # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux.
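Review bot: The shebang change to `#!/bin/bash` on the first line makes the whole script depend on bash, at a fixed path, only because the later hunk uses `${i//…}` pattern substitution. That requirement is stated in the patch header but nowhere in the script itself. Either add a comment next to the shebang saying bash is required for the filename escaping, or keep `#!/bin/sh` and do the escaping with a portable construct (for example, piping the filename through sed), so the fix also applies on systems where /bin/bash is absent.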
23@@ -63,7 +63,11 @@
24 bzip2 -cdfq "$i" | $grep $opt "$pat"
25 r=$?
26 else
27- bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|"
28+ j=${i//\\/\\\\}
29+ j=${j//|/\\|}
30+ j=${j//&/\\&}
31+ j=`printf "%s" "$j" | tr '\n' ' '`
32+ bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
33 r=$?
34 fi
35 test "$r" -ne 0 && res="$r"
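Review bot: The four `j=` assignments in the else branch have no comment explaining why exactly backslash, `|` and `&` are escaped and why newlines are flattened. Please add one stating that these are the characters with special meaning inside the replacement part of `sed "s|^|${j}:|"` (escape character, the chosen delimiter, the matched-text reference, and the command terminator), and that the backslash substitution has to stay first so it does not re-escape the backslashes added by the next two lines. Without that, a later change of the sed delimiter can silently leave the escape list out of date. Also note that `tr '\n' ' '` makes the printed prefix differ from the real filename, so a name containing a newline is reported identically to one containing a space; if accurate reporting matters, prefix the name as data rather than splicing it into the sed program text.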