Sanitize of MC_EXT_SELECTED variable when viewing multiple files

- CVE-2012-4463 (rhbz#862814) - https://www.midnight-commander.org/ticket/2913
2012-11-28 11:14:27 +01:00 · 2012-11-28 11:14:27 +01:00 · 269b62f828
commit 269b62f828
parent e745b3bcbd
2 changed files with 39 additions and 1 deletions
--- a/mc-ext.c_quote_mc_ext_env_vars.diff
+++ b/mc-ext.c_quote_mc_ext_env_vars.diff
@ -0,0 +1,31 @@
+--- ./src/filemanager/ext.c
+++ ./src/filemanager/ext.c
+@@ -155,12 +155,13 @@
+     {
+         const char symbol;
+         const char *name;
+        const char *delim;
+     } export_variables[] = {
+-        {'p', "MC_EXT_BASENAME"},
+-        {'d', "MC_EXT_CURRENTDIR"},
+-        {'s', "MC_EXT_SELECTED"},
+-        {'t', "MC_EXT_ONLYTAGGED"},
+-        {'\0', NULL}
+        {'p', "MC_EXT_BASENAME", ""},
+        {'d', "MC_EXT_CURRENTDIR", ""},
+        {'s', "MC_EXT_SELECTED", "\""},
+        {'t', "MC_EXT_ONLYTAGGED", "\""},
+        {'\0', NULL, 0}
+     };
+     /* *INDENT-ON* */
+ 
+@@ -178,7 +179,8 @@
+         if (text != NULL)
+         {
+             g_string_append_printf (export_vars_string,
+-                                    "%s=%s\nexport %s\n", export_variables[i].name, text,
+                                    "%s=%s%s%s\nexport %s\n", export_variables[i].name,
+                                    export_variables[i].delim, text, export_variables[i].delim,
+                                     export_variables[i].name);
+             g_free (text);
+         }
--- a/mc.spec
+++ b/mc.spec
@ -1,12 +1,13 @@
 Summary:	User-friendly text console file manager and visual shell
 Name:		mc
 Version:	4.8.6
-Release:	1%{?dist}
+Release:	2%{?dist}
 Epoch:		1
 License:	GPLv3+
 Group:		System Environment/Shells
 Source0:	http://www.midnight-commander.org/downloads/mc-%{version}.tar.xz
 URL:		http://www.midnight-commander.org/
+Patch0:		mc-ext.c_quote_mc_ext_env_vars.diff
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	glib2-devel e2fsprogs-devel slang-devel gpm-devel groff
 BuildRequires:	aspell-devel libssh2-devel >= 1.2.5
@ -20,6 +21,7 @@ specific files.

 %prep
 %setup -q
+%patch0 -p1 -b .CVE-2012-4463

 %build
 export CFLAGS="-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $RPM_OPT_FLAGS -Wno-strict-aliasing"
@ -75,6 +77,11 @@ rm -rf $RPM_BUILD_ROOT
 %dir %{_libexecdir}/mc/ext.d

 %changelog
+* Wed Nov 28 2012 Jindrich Novy <jnovy@redhat.com> 4.8.6-2
+- sanitize of MC_EXT_SELECTED variable when viewing
+  multiple files, CVE-2012-4463 (#862814)
+  https://www.midnight-commander.org/ticket/2913
+
 * Thu Sep 20 2012 Jindrich Novy <jnovy@redhat.com> 4.8.6-1
 - update to 4.8.6 (#857512)