patch/patch-CVE-2010-4651.patch

diff -U0 patch-2.6.1/ChangeLog.CVE-2010-4651 patch-2.6.1/ChangeLog
diff -up patch-2.6.1/Makefile.in.CVE-2010-4651 patch-2.6.1/Makefile.in
--- patch-2.6.1/Makefile.in.CVE-2010-4651	2011-02-08 11:26:21.782503673 +0000
+++ patch-2.6.1/Makefile.in	2011-02-08 11:26:56.004078346 +0000
@@ -192,6 +192,7 @@ installcheck::
 TESTS = \
 	tests/asymmetric-hunks \
 	tests/backup-prefix-suffix \
+	tests/bad-filenames \
 	tests/corrupt-reject-files \
 	tests/create-delete \
 	tests/crlf-handling \
diff -up patch-2.6.1/NEWS.CVE-2010-4651 patch-2.6.1/NEWS
diff -up patch-2.6.1/src/pch.c.CVE-2010-4651 patch-2.6.1/src/pch.c
--- patch-2.6.1/src/pch.c.CVE-2010-4651	2009-12-30 12:56:30.000000000 +0000
+++ patch-2.6.1/src/pch.c	2011-02-08 11:25:53.821034698 +0000
@@ -3,7 +3,7 @@
 /* Copyright (C) 1986, 1987, 1988 Larry Wall
 
    Copyright (C) 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2000, 2001,
-   2002, 2003, 2006, 2009 Free Software Foundation, Inc.
+   2002, 2003, 2006, 2009, 2011 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -194,11 +194,31 @@ grow_hunkmax (void)
     return false;
 }
 
+static void
+validate_target_name (char const *n)
+{
+  char const *p = n;
+  if (IS_ABSOLUTE_FILE_NAME (p))
+    fatal ("rejecting absolute target file name: %s", quotearg (p));
+  while (*p)
+    {
+      if (*p == '.' && *++p == '.' && ( ! *++p || ISSLASH (*p)))
+	fatal ("rejecting target file name with \"..\" component: %s",
+	       quotearg (n));
+      while (*p && ! ISSLASH (*p))
+	p++;
+      while (ISSLASH (*p))
+	p++;
+    }
+}
+
 static bool
 maybe_reverse (char const *name, bool nonexistent, bool is_empty)
 {
   bool looks_reversed = (! is_empty) < p_says_nonexistent[reverse ^ is_empty];
 
+  validate_target_name (name);
+
   if (looks_reversed)
     reverse ^=
       ok_to_reverse ("The next patch%s would %s the file %s,\nwhich %s!",
@@ -725,6 +745,7 @@ intuit_diff_type (bool need_header)
 	inerrno = stat_errno[i];
 	invc = version_controlled[i];
 	instat = st[i];
+	validate_target_name (inname);
       }
 
     return retval;
diff -up patch-2.6.1/tests/bad-filenames.CVE-2010-4651 patch-2.6.1/tests/bad-filenames
--- patch-2.6.1/tests/bad-filenames.CVE-2010-4651	2011-02-08 11:24:57.517092060 +0000
+++ patch-2.6.1/tests/bad-filenames	2011-02-08 11:24:57.518092076 +0000
@@ -0,0 +1,63 @@
+# Copyright (C) 2011 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# in any medium, are permitted without royalty provided the copyright
+# notice and this notice are preserved.
+
+. $srcdir/test-lib.sh
+
+use_local_patch
+use_tmpdir
+
+# ================================================================
+
+emit_2()
+{
+cat <<EOF
+--- $1
++++ $2
+@@ -0,0 +1 @@
++x
+EOF
+}
+
+emit_patch() { emit_2 /dev/null "$1"; }
+
+# Ensure that patch rejects an output file name that is absolute
+# or that contains a ".." component.
+
+check 'emit_patch /absolute/path | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting absolute target file name: /absolute/path
+status: 2
+EOF
+
+check 'emit_patch a/../z | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting target file name with ".." component: a/../z
+status: 2
+EOF
+
+check 'emit_patch a/../z | patch -p1; echo status: $?' <<EOF
+$PATCH: **** rejecting target file name with ".." component: ../z
+status: 2
+EOF
+
+check 'emit_patch a/.. | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting target file name with ".." component: a/..
+status: 2
+EOF
+
+check 'emit_patch ../z | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting target file name with ".." component: ../z
+status: 2
+EOF
+
+check 'emit_2 /abs/path target | patch -p0; echo status: $?' <<EOF
+patching file target
+status: 0
+EOF
+
+echo x > target
+check 'emit_2 /abs/path target | patch -R -p0; echo status: $?' <<EOF
+patching file target
+status: 0
+EOF