Context Navigation

source: patches/bzip2-1.0.3-bzgrep_security-1.patch @ f71c005

clfs-1.2clfs-2.1clfs-3.0.0-systemdclfs-3.0.0-sysvinitsystemdsysvinit

Last change on this file since f71c005 was 69cde8d, checked in by Jim Gifford <clfs@…>, 18 years ago
Added: All patches needed for the book.
Property mode set to `100644`
File size: 1.2 KB

Rev	Line
[69cde8d]	1	Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
	2	Date: 2005-08-09
	3	Initial Package Version: 1.0.3
	4	Upstream Status: Unknown.
	5	Origin: Jyri Ryska (RedHat) for fedora3
	6	Description: Fixes filename sanitisation in bzgrep.
	7	This fixes CAN-2005-0758 (if a user can be tricked into running
	8	bzgrep in an untrusted directory containing files with carefully
	9	crafted filenames, arbitrary commands could be executed as the user
	10	running bzgrep). Risk is reported as low. I've modified it to force
	11	the interpreter to be bash, some of the other shells in use won't
	12	like the bash syntax.
	13
	14	diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep
	15	--- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100
	16	+++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100
	17	@@ -1,4 +1,4 @@
	18	-#!/bin/sh
	19	+#!/bin/bash
	20
	21	# Bzgrep wrapped for bzip2,
	22	# adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux.
	23	@@ -63,7 +63,11 @@
	24	bzip2 -cdfq "$i" \| $grep $opt "$pat"
	25	r=$?
	26	else
	27	- bzip2 -cdfq "$i" \| $grep $opt "$pat" \| sed "s\|^\|${i}:\|"
	28	+ j=${i//\\/\\\\}
	29	+ j=${j//\|/\\\|}
	30	+ j=${j//&/\\&}
	31	+ j=`printf "%s" "$j" \| tr '\n' ' '`
	32	+ bzip2 -cdfq "$i" \| $grep $opt "$pat" \| sed "s\|^\|${j}:\|"
	33	r=$?
	34	fi
	35	test "$r" -ne 0 && res="$r"

Note: See TracBrowser for help on using the repository browser.