diff options
author | CyberLeo <cyberleo@cyberleo.net> | 2020-03-28 05:45:52 -0500 |
---|---|---|
committer | CyberLeo <cyberleo@cyberleo.net> | 2020-03-28 05:45:52 -0500 |
commit | 9297468fa579836e3a6a381b798feb6b78217c2d (patch) | |
tree | 53168212f427afbcf0693b534530a4af803152e9 /system/cvs/CVE-2017-12836.patch | |
parent | a63cc05c53a6f4c22422dc8c69808b14d87a6f6e (diff) | |
parent | da5a69b65a8791fffa6e93366ee585f87eff136d (diff) | |
download | packages-9297468fa579836e3a6a381b798feb6b78217c2d.tar.gz packages-9297468fa579836e3a6a381b798feb6b78217c2d.tar.bz2 packages-9297468fa579836e3a6a381b798feb6b78217c2d.tar.xz packages-9297468fa579836e3a6a381b798feb6b78217c2d.zip |
Merge branch 'master' into zfs
Diffstat (limited to 'system/cvs/CVE-2017-12836.patch')
-rw-r--r-- | system/cvs/CVE-2017-12836.patch | 61 |
1 files changed, 20 insertions, 41 deletions
diff --git a/system/cvs/CVE-2017-12836.patch b/system/cvs/CVE-2017-12836.patch index 770115a5e..d6fc3b035 100644 --- a/system/cvs/CVE-2017-12836.patch +++ b/system/cvs/CVE-2017-12836.patch @@ -1,58 +1,37 @@ -From 0afbcf387fbfcc951caa5335e67b7b7eebffdaf9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> -Date: Mon, 14 Aug 2017 10:32:25 +0200 Subject: [PATCH] Fix CVE-2017-12836 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +From: Thorsten Glaser <tg@mirbsd.de> -The hostname passed to RSH (ssh) client could be interpreted by -OpenSSH client as an option and lead to local command execution. - -This fix adds no-more-options "--" separator before the hostname -argument to the RSH client command. - -Original patch by Thorsten Glaser <tg@mirbsd.de> from -<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810> ported to -1.11.23. - -Signed-off-by: Petr Písař <ppisar@redhat.com> ---- - src/client.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/client.c b/src/client.c -index 2bef1a0..e87cda9 100644 ---- a/src/client.c -+++ b/src/client.c -@@ -4839,7 +4839,7 @@ start_rsh_server (root, to_server, from_server) - char *cvs_rsh; - char *cvs_server = getenv ("CVS_SERVER"); +--- cvs-1.12.13+real/src/rsh-client.c ++++ cvs-1.12.13+real/src/rsh-client.c +@@ -53,7 +53,8 @@ + char *cvs_server = (root->cvs_server != NULL + ? root->cvs_server : getenv ("CVS_SERVER")); int i = 0; - /* This needs to fit "rsh", "-b", "-l", "USER", "host", -+ /* This needs to fit "rsh", "-b", "-l", "USER", "--", "host", - "cmd (w/ args)", and NULL. We leave some room to grow. */ - char *rsh_argv[10]; - -@@ -4866,6 +4866,9 @@ start_rsh_server (root, to_server, from_server) - rsh_argv[i++] = root->username; +- "cmd (w/ args)", and NULL. We leave some room to grow. */ +- char *rsh_argv[10]; ++ /* This needs to fit "rsh", "-b", "-l", "USER", "-p", port, ++ "--", "host", "cvs", "-R", "server", and NULL. ++ We leave some room to grow. */ ++ char *rsh_argv[16]; + +@@ -105,6 +106,9 @@ + rsh_argv[i++] = argvport; } - + + /* Only non-option arguments from here. (CVE-2017-12836) */ + rsh_argv[i++] = "--"; + rsh_argv[i++] = root->hostname; rsh_argv[i++] = cvs_server; - rsh_argv[i++] = "server"; -@@ -4944,6 +4947,8 @@ start_rsh_server (root, to_server, from_server) - *p++ = root->username; + if (readonlyfs) +@@ -189,6 +193,8 @@ + *p++ = argvport; } - + + *p++ = "--"; + *p++ = root->hostname; *p++ = command; *p++ = NULL; --- -2.9.5 |