amanda/CVE-2022-37704_part_2.patch
2023-02-28 11:58:40 +08:00


Description: Fix CVE-2022-37704, second vector (RSH)
Author: seetharaman-rajagopal https://github.com/seetharaman-rajagopal
Index: amanda.git/client-src/rundump.c
===================================================================
--- amanda.git.orig/client-src/rundump.c 2023-02-24 21:12:21.457531656 +0000
+++ amanda.git/client-src/rundump.c 2023-02-24 21:14:42.113754385 +0000
@@ -197,6 +197,24 @@ main(
amfree(cmdline);
env = safe_env();
+ //Filter or Discard RSH Environmental variable
+ int env_count = 0;
+ for (int i = 0; env[i] != NULL; i++){
+ env_count++;
+ }
+ for (int i = 0; i < env_count; i++){
+ if (strncmp(env[i], "RSH=", 4) == 0){
+ // Remove RSH
+ g_free(env[i]);
+ // move array elements one step left - which are after "RSH"
+ for (int j = i; j < env_count; j++){
+ env[j] = env[j + 1];
+ }
+ //decrease the variable count
+ env[env_count-1] = NULL;
+ break;
+ }
+ }
execve(dump_program, argv, env);
free_env(env);
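Review bot: The `break` inside the filtering loop stops after the first `RSH=` entry, so a second `RSH=` entry in the array returned by `safe_env()` would still be handed to `execve()`; whether `safe_env()` can return duplicate names is not visible in this hunk, but an inherited environment is allowed to contain them. A single compaction pass that frees every match and writes the terminator once closes that gap and also makes the separate counting loop and the redundant `env[env_count-1] = NULL` unnecessary. Filtering one name is a denylist, so if `safe_env()` forwards the caller's environment, passing only an allowlist of variables the dump program needs would be the sturdier fix. `main` begins and ends outside this hunk.

```c
env = safe_env();
/* Drop every RSH= entry, not only the first: the array may hold duplicate names. */
size_t kept = 0;
for (size_t i = 0; env[i] != NULL; i++) {
    if (strncmp(env[i], "RSH=", 4) == 0) {
        g_free(env[i]);
        continue;
    }
    env[kept++] = env[i];
}
env[kept] = NULL;
execve(dump_program, argv, env);
```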