source: patches/bzip2-1.0.3-bzgrep_security-1.patch@ 0c3999a

clfs-1.2 clfs-2.1 clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since 0c3999a was 69cde8d, checked in by Jim Gifford <clfs@…>, 19 years ago

Added: All patches needed for the book.

  • Property mode set to 100644
File size: 1.2 KB
  • bzip2-1.0.

    Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
    Date: 2005-08-09
    Initial Package Version: 1.0.3
    Upstream Status: Unknown.
    Origin: Jyri Ryska (RedHat) for fedora3
    Description: Fixes filename sanitisation in bzgrep.
     This fixes CAN-2005-0758 (if a user can be tricked into running
    bzgrep in an untrusted directory containing files with carefully
    crafted filenames, arbitrary commands could be executed as the user
    running bzgrep).  Risk is reported as low.  I've modified it to force
    the interpreter to be bash, some of the other shells in use won't
    like the bash syntax.
    
    diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep
    old new  
    1 #!/bin/sh
     1#!/bin/bash
    22
    33# Bzgrep wrapped for bzip2,
    44# adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux.
     
    6363    bzip2 -cdfq "$i" | $grep $opt "$pat"
    6464    r=$?
    6565  else
    66     bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|"
     66    j=${i//\\/\\\\}
     67    j=${j//|/\\|}
     68    j=${j//&/\\&}
     69    j=`printf "%s" "$j" | tr '\n' ' '`
     70    bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
    6771    r=$?
    6872  fi
    6973  test "$r" -ne 0 && res="$r"
Note: See TracBrowser for help on using the repository browser.