Contents of /trunk/bzip2/patches/bzip2-1.0.3-bzgrep_security-1.patch
Parent Directory | Revision Log
Revision 144 -
(show annotations)
(download)
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 1248 byte(s)
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 1248 byte(s)
-import
1 | Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net> |
2 | Date: 2005-08-09 |
3 | Initial Package Version: 1.0.3 |
4 | Upstream Status: Unknown. |
5 | Origin: Jyri Ryska (RedHat) for fedora3 |
6 | Description: Fixes filename sanitisation in bzgrep. |
7 | This fixes CAN-2005-0758 (if a user can be tricked into running |
8 | bzgrep in an untrusted directory containing files with carefully |
9 | crafted filenames, arbitrary commands could be executed as the user |
10 | running bzgrep). Risk is reported as low. I've modified it to force |
11 | the interpreter to be bash, some of the other shells in use won't |
12 | like the bash syntax. |
13 | |
14 | diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep |
15 | --- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100 |
16 | +++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100 |
17 | @@ -1,4 +1,4 @@ |
18 | -#!/bin/sh |
19 | +#!/bin/bash |
20 | |
21 | # Bzgrep wrapped for bzip2, |
22 | # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux. |
23 | @@ -63,7 +63,11 @@ |
24 | bzip2 -cdfq "$i" | $grep $opt "$pat" |
25 | r=$? |
26 | else |
27 | - bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|" |
28 | + j=${i//\\/\\\\} |
29 | + j=${j//|/\\|} |
30 | + j=${j//&/\\&} |
31 | + j=`printf "%s" "$j" | tr '\n' ' '` |
32 | + bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|" |
33 | r=$? |
34 | fi |
35 | test "$r" -ne 0 && res="$r" |