bzip2/patches/bzip2-1.0.3-bzgrep_security-1.patch

Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
Date: 2005-08-09
Initial Package Version: 1.0.3
Upstream Status: Unknown.
Origin: Jyri Ryska (RedHat) for fedora3
Description: Fixes filename sanitisation in bzgrep.
 This fixes CAN-2005-0758 (if a user can be tricked into running
bzgrep in an untrusted directory containing files with carefully
crafted filenames, arbitrary commands could be executed as the user
running bzgrep).  Risk is reported as low.  I've modified it to force
the interpreter to be bash, some of the other shells in use won't
like the bash syntax.

diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep
--- bzip2-1.0.3/bzgrep	2004-10-09 12:29:32.000000000 +0100
+++ bzip2-1.0.3-new/bzgrep	2005-08-09 21:36:37.000000000 +0100
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # Bzgrep wrapped for bzip2, 
 # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux.
@@ -63,7 +63,11 @@
     bzip2 -cdfq "$i" | $grep $opt "$pat"
     r=$?
   else
-    bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|"
+    j=${i//\\/\\\\}
+    j=${j//|/\\|}
+    j=${j//&/\\&}
+    j=`printf "%s" "$j" | tr '\n' ' '`
+    bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
     r=$?
   fi
   test "$r" -ne 0 && res="$r"
1	niro	144	Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
2			Date: 2005-08-09
3			Initial Package Version: 1.0.3
4			Upstream Status: Unknown.
5			Origin: Jyri Ryska (RedHat) for fedora3
6			Description: Fixes filename sanitisation in bzgrep.
7			This fixes CAN-2005-0758 (if a user can be tricked into running
8			bzgrep in an untrusted directory containing files with carefully
9			crafted filenames, arbitrary commands could be executed as the user
10			running bzgrep). Risk is reported as low. I've modified it to force
11			the interpreter to be bash, some of the other shells in use won't
12			like the bash syntax.
13
14			diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep
15			--- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100
16			+++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100
17			@@ -1,4 +1,4 @@
18			-#!/bin/sh
19			+#!/bin/bash
20
21			# Bzgrep wrapped for bzip2,
22			# adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux.
23			@@ -63,7 +63,11 @@
24			bzip2 -cdfq "$i" \| $grep $opt "$pat"
25			r=$?
26			else
27			- bzip2 -cdfq "$i" \| $grep $opt "$pat" \| sed "s\|^\|${i}:\|"
28			+ j=${i//\\/\\\\}
29			+ j=${j//\|/\\\|}
30			+ j=${j//&/\\&}
31			+ j=`printf "%s" "$j" \| tr '\n' ' '`
32			+ bzip2 -cdfq "$i" \| $grep $opt "$pat" \| sed "s\|^\|${j}:\|"
33			r=$?
34			fi
35			test "$r" -ne 0 && res="$r"