43 lines
1.4 KiB
Diff
43 lines
1.4 KiB
Diff
From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Fri Apr 06 20:50:06 2018
|
|
From: Andreas Gruenbacher <agruen@gnu.org>
|
|
Date: Fri, 06 Apr 2018 19:36:15 +0200
|
|
Subject: [PATCH] Invoke ed directly instead of using the shell
|
|
* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
|
|
command to avoid quoting vulnerabilities.
|
|
|
|
fix CVE-2019-13638 CVE-2018-20969
|
|
|
|
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
|
|
|
|
---
|
|
src/pch.c | 6 ++----
|
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/pch.c b/src/pch.c
|
|
index a602cbb..250308d 100644
|
|
--- a/src/pch.c
|
|
+++ b/src/pch.c
|
|
@@ -2471,9 +2471,6 @@ do_ed_script (char const *inname, char const *outname,
|
|
*outname_needs_removal = true;
|
|
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
|
}
|
|
- sprintf (buf, "%s %s%s", editor_program,
|
|
- verbosity == VERBOSE ? "" : "- ",
|
|
- outname);
|
|
fflush (stdout);
|
|
|
|
pid = fork();
|
|
@@ -2482,7 +2479,8 @@ do_ed_script (char const *inname, char const *outname,
|
|
else if (pid == 0)
|
|
{
|
|
dup2 (tmpfd, 0);
|
|
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
|
|
+ assert (outname[0] != '!' && outname[0] != '-');
|
|
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
|
|
_exit (2);
|
|
}
|
|
else
|
|
--
|
|
1.8.3.1
|
|
|