Annotation of /trunk/bzip2/patches/bzip2-1.0.3-bzgrep_security-1.patch
Parent Directory | Revision Log
Revision 144 -
(hide annotations)
(download)
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 1248 byte(s)
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 1248 byte(s)
-import
1 | niro | 144 | Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net> |
2 | Date: 2005-08-09 | ||
3 | Initial Package Version: 1.0.3 | ||
4 | Upstream Status: Unknown. | ||
5 | Origin: Jyri Ryska (RedHat) for fedora3 | ||
6 | Description: Fixes filename sanitisation in bzgrep. | ||
7 | This fixes CAN-2005-0758 (if a user can be tricked into running | ||
8 | bzgrep in an untrusted directory containing files with carefully | ||
9 | crafted filenames, arbitrary commands could be executed as the user | ||
10 | running bzgrep). Risk is reported as low. I've modified it to force | ||
11 | the interpreter to be bash, some of the other shells in use won't | ||
12 | like the bash syntax. | ||
13 | |||
14 | diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep | ||
15 | --- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100 | ||
16 | +++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100 | ||
17 | @@ -1,4 +1,4 @@ | ||
18 | -#!/bin/sh | ||
19 | +#!/bin/bash | ||
20 | |||
21 | # Bzgrep wrapped for bzip2, | ||
22 | # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux. | ||
23 | @@ -63,7 +63,11 @@ | ||
24 | bzip2 -cdfq "$i" | $grep $opt "$pat" | ||
25 | r=$? | ||
26 | else | ||
27 | - bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|" | ||
28 | + j=${i//\\/\\\\} | ||
29 | + j=${j//|/\\|} | ||
30 | + j=${j//&/\\&} | ||
31 | + j=`printf "%s" "$j" | tr '\n' ' '` | ||
32 | + bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|" | ||
33 | r=$? | ||
34 | fi | ||
35 | test "$r" -ne 0 && res="$r" |