patch/patch-CVE-2010-4651.patch

diff -up patch-2.6.1/Makefile.in.CVE-2010-4651 patch-2.6.1/Makefile.in
--- patch-2.6.1/Makefile.in.CVE-2010-4651	2009-12-30 12:56:30.000000000 +0000
+++ patch-2.6.1/Makefile.in	2011-02-10 12:29:32.926361705 +0000
@@ -192,6 +192,7 @@ installcheck::
 TESTS = \
 	tests/asymmetric-hunks \
 	tests/backup-prefix-suffix \
+	tests/bad-filenames \
 	tests/corrupt-reject-files \
 	tests/create-delete \
 	tests/crlf-handling \
diff -up patch-2.6.1/src/common.h.CVE-2010-4651 patch-2.6.1/src/common.h
--- patch-2.6.1/src/common.h.CVE-2010-4651	2011-02-10 12:30:29.142797627 +0000
+++ patch-2.6.1/src/common.h	2011-02-10 12:30:33.566989729 +0000
@@ -169,6 +169,7 @@ XTERN char *revision;			/* prerequisite 
 #endif
 
 void fatal_exit (int) __attribute__ ((noreturn));
+void validate_target_name (char const *n);
 
 #include <errno.h>
 #if !STDC_HEADERS && !defined errno
diff -up patch-2.6.1/src/patch.c.CVE-2010-4651 patch-2.6.1/src/patch.c
--- patch-2.6.1/src/patch.c.CVE-2010-4651	2011-02-10 12:30:20.721432124 +0000
+++ patch-2.6.1/src/patch.c	2011-02-10 12:30:33.567989772 +0000
@@ -34,6 +34,7 @@
 #include <util.h>
 #include <version.h>
 #include <xalloc.h>
+#include <dirname.h>
 
 /* procedures */
 
@@ -916,6 +917,26 @@ numeric_string (char const *string,
   return value;
 }
 
+void
+validate_target_name (char const *n)
+{
+  char const *p = n;
+  if (explicit_inname)
+    return;
+  if (IS_ABSOLUTE_FILE_NAME (p))
+    fatal ("rejecting absolute target file name: %s", quotearg (p));
+  while (*p)
+    {
+      if (*p == '.' && *++p == '.' && ( ! *++p || ISSLASH (*p)))
+	fatal ("rejecting target file name with \"..\" component: %s",
+	       quotearg (n));
+      while (*p && ! ISSLASH (*p))
+	p++;
+      while (ISSLASH (*p))
+	p++;
+    }
+}
+
 /* Attempt to find the right place to apply this hunk of patch. */
 
 static LINENUM
diff -up patch-2.6.1/src/pch.c.CVE-2010-4651 patch-2.6.1/src/pch.c
--- patch-2.6.1/src/pch.c.CVE-2010-4651	2009-12-30 12:56:30.000000000 +0000
+++ patch-2.6.1/src/pch.c	2011-02-10 12:30:33.573990033 +0000
@@ -3,7 +3,7 @@
 /* Copyright (C) 1986, 1987, 1988 Larry Wall
 
    Copyright (C) 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2000, 2001,
-   2002, 2003, 2006, 2009 Free Software Foundation, Inc.
+   2002, 2003, 2006, 2009, 2011 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -199,6 +199,8 @@ maybe_reverse (char const *name, bool no
 {
   bool looks_reversed = (! is_empty) < p_says_nonexistent[reverse ^ is_empty];
 
+  validate_target_name (name);
+
   if (looks_reversed)
     reverse ^=
       ok_to_reverse ("The next patch%s would %s the file %s,\nwhich %s!",
@@ -725,6 +727,7 @@ intuit_diff_type (bool need_header)
 	inerrno = stat_errno[i];
 	invc = version_controlled[i];
 	instat = st[i];
+	validate_target_name (inname);
       }
 
     return retval;
diff -up patch-2.6.1/tests/bad-filenames.CVE-2010-4651 patch-2.6.1/tests/bad-filenames
--- patch-2.6.1/tests/bad-filenames.CVE-2010-4651	2011-02-10 12:29:32.931361921 +0000
+++ patch-2.6.1/tests/bad-filenames	2011-02-10 12:30:33.576990163 +0000
@@ -0,0 +1,71 @@
+# Copyright (C) 2011 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# in any medium, are permitted without royalty provided the copyright
+# notice and this notice are preserved.
+
+. $srcdir/test-lib.sh
+
+use_local_patch
+use_tmpdir
+
+# ================================================================
+
+emit_2()
+{
+cat <<EOF
+--- $1
++++ $2
+@@ -0,0 +1 @@
++x
+EOF
+}
+
+emit_patch() { emit_2 /dev/null "$1"; }
+
+# Ensure that patch rejects an output file name that is absolute
+# or that contains a ".." component.
+
+check 'emit_patch /absolute/path | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting absolute target file name: /absolute/path
+status: 2
+EOF
+
+check 'emit_patch a/../z | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting target file name with ".." component: a/../z
+status: 2
+EOF
+
+check 'emit_patch a/../z | patch -p1; echo status: $?' <<EOF
+$PATCH: **** rejecting target file name with ".." component: ../z
+status: 2
+EOF
+
+check 'emit_patch a/.. | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting target file name with ".." component: a/..
+status: 2
+EOF
+
+check 'emit_patch ../z | patch -p0; echo status: $?' <<EOF
+$PATCH: **** rejecting target file name with ".." component: ../z
+status: 2
+EOF
+
+check 'emit_2 /abs/path target | patch -p0; echo status: $?' <<EOF
+patching file target
+status: 0
+EOF
+
+echo x > target
+check 'emit_2 /abs/path target | patch -R -p0; echo status: $?' <<EOF
+patching file target
+status: 0
+EOF
+
+# Do not validate any file name from the input when the target
+# is specified on the command line:
+touch abs
+check 'emit_patch /absolute/path | patch `pwd`/abs; echo status: $?' <<EOF
+patching file `pwd`/abs
+status: 0
+EOF
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00			`diff -up patch-2.6.1/Makefile.in.CVE-2010-4651 patch-2.6.1/Makefile.in`
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`--- patch-2.6.1/Makefile.in.CVE-2010-4651 2009-12-30 12:56:30.000000000 +0000`
			`+++ patch-2.6.1/Makefile.in 2011-02-10 12:29:32.926361705 +0000`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00			`@@ -192,6 +192,7 @@ installcheck::`
			`TESTS = \`
			`tests/asymmetric-hunks \`
			`tests/backup-prefix-suffix \`
			`+ tests/bad-filenames \`
			`tests/corrupt-reject-files \`
			`tests/create-delete \`
			`tests/crlf-handling \`
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`diff -up patch-2.6.1/src/common.h.CVE-2010-4651 patch-2.6.1/src/common.h`
			`--- patch-2.6.1/src/common.h.CVE-2010-4651 2011-02-10 12:30:29.142797627 +0000`
			`+++ patch-2.6.1/src/common.h 2011-02-10 12:30:33.566989729 +0000`
			`@@ -169,6 +169,7 @@ XTERN char revision; / prerequisite`
			`#endif`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`void fatal_exit (int) __attribute__ ((noreturn));`
			`+void validate_target_name (char const *n);`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`#include <errno.h>`
			`#if !STDC_HEADERS && !defined errno`
			`diff -up patch-2.6.1/src/patch.c.CVE-2010-4651 patch-2.6.1/src/patch.c`
			`--- patch-2.6.1/src/patch.c.CVE-2010-4651 2011-02-10 12:30:20.721432124 +0000`
			`+++ patch-2.6.1/src/patch.c 2011-02-10 12:30:33.567989772 +0000`
			`@@ -34,6 +34,7 @@`
			`#include <util.h>`
			`#include <version.h>`
			`#include <xalloc.h>`
			`+#include <dirname.h>`

			`/* procedures */`

			`@@ -916,6 +917,26 @@ numeric_string (char const *string,`
			`return value;`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00			`}`

Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`+void`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00			`+validate_target_name (char const *n)`
			`+{`
			`+ char const *p = n;`
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`+ if (explicit_inname)`
			`+ return;`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00			`+ if (IS_ABSOLUTE_FILE_NAME (p))`
			`+ fatal ("rejecting absolute target file name: %s", quotearg (p));`
			`+ while (*p)`
			`+ {`
			`+ if (p == '.' && ++p == '.' && ( ! ++p \|\| ISSLASH (p)))`
			`+ fatal ("rejecting target file name with \"..\" component: %s",`
			`+ quotearg (n));`
			`+ while (p && ! ISSLASH (p))`
			`+ p++;`
			`+ while (ISSLASH (*p))`
			`+ p++;`
			`+ }`
			`+}`
			`+`
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`/* Attempt to find the right place to apply this hunk of patch. */`

			`static LINENUM`
			`diff -up patch-2.6.1/src/pch.c.CVE-2010-4651 patch-2.6.1/src/pch.c`
			`--- patch-2.6.1/src/pch.c.CVE-2010-4651 2009-12-30 12:56:30.000000000 +0000`
			`+++ patch-2.6.1/src/pch.c 2011-02-10 12:30:33.573990033 +0000`
			`@@ -3,7 +3,7 @@`
			`/* Copyright (C) 1986, 1987, 1988 Larry Wall`

			`Copyright (C) 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2000, 2001,`
			`- 2002, 2003, 2006, 2009 Free Software Foundation, Inc.`
			`+ 2002, 2003, 2006, 2009, 2011 Free Software Foundation, Inc.`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`@@ -199,6 +199,8 @@ maybe_reverse (char const *name, bool no`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00			`{`
			`bool looks_reversed = (! is_empty) < p_says_nonexistent[reverse ^ is_empty];`

			`+ validate_target_name (name);`
			`+`
			`if (looks_reversed)`
			`reverse ^=`
			`ok_to_reverse ("The next patch%s would %s the file %s,\nwhich %s!",`
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`@@ -725,6 +727,7 @@ intuit_diff_type (bool need_header)`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00			`inerrno = stat_errno[i];`
			`invc = version_controlled[i];`
			`instat = st[i];`
			`+ validate_target_name (inname);`
			`}`

			`return retval;`
			`diff -up patch-2.6.1/tests/bad-filenames.CVE-2010-4651 patch-2.6.1/tests/bad-filenames`
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`--- patch-2.6.1/tests/bad-filenames.CVE-2010-4651 2011-02-10 12:29:32.931361921 +0000`
			`+++ patch-2.6.1/tests/bad-filenames 2011-02-10 12:30:33.576990163 +0000`
			`@@ -0,0 +1,71 @@`
Applied upstream patch to fix CVE-2010-4651 (bug #667529). 2011-02-08 11:35:21 +00:00			`+# Copyright (C) 2011 Free Software Foundation, Inc.`
			`+#`
			`+# Copying and distribution of this file, with or without modification,`
			`+# in any medium, are permitted without royalty provided the copyright`
			`+# notice and this notice are preserved.`
			`+`
			`+. $srcdir/test-lib.sh`
			`+`
			`+use_local_patch`
			`+use_tmpdir`
			`+`
			`+# ================================================================`
			`+`
			`+emit_2()`
			`+{`
			`+cat <<EOF`
			`+--- $1`
			`++++ $2`
			`+@@ -0,0 +1 @@`
			`++x`
			`+EOF`
			`+}`
			`+`
			`+emit_patch() { emit_2 /dev/null "$1"; }`
			`+`
			`+# Ensure that patch rejects an output file name that is absolute`
			`+# or that contains a ".." component.`
			`+`
			`+check 'emit_patch /absolute/path \| patch -p0; echo status: $?' <<EOF`
			`+$PATCH: **** rejecting absolute target file name: /absolute/path`
			`+status: 2`
			`+EOF`
			`+`
			`+check 'emit_patch a/../z \| patch -p0; echo status: $?' <<EOF`
			`+$PATCH: **** rejecting target file name with ".." component: a/../z`
			`+status: 2`
			`+EOF`
			`+`
			`+check 'emit_patch a/../z \| patch -p1; echo status: $?' <<EOF`
			`+$PATCH: **** rejecting target file name with ".." component: ../z`
			`+status: 2`
			`+EOF`
			`+`
			`+check 'emit_patch a/.. \| patch -p0; echo status: $?' <<EOF`
			`+$PATCH: **** rejecting target file name with ".." component: a/..`
			`+status: 2`
			`+EOF`
			`+`
			`+check 'emit_patch ../z \| patch -p0; echo status: $?' <<EOF`
			`+$PATCH: **** rejecting target file name with ".." component: ../z`
			`+status: 2`
			`+EOF`
			`+`
			`+check 'emit_2 /abs/path target \| patch -p0; echo status: $?' <<EOF`
			`+patching file target`
			`+status: 0`
			`+EOF`
			`+`
			`+echo x > target`
			`+check 'emit_2 /abs/path target \| patch -R -p0; echo status: $?' <<EOF`
			`+patching file target`
			`+status: 0`
			`+EOF`
Incorporate upstream fix for CVE-2010-4651 patch (bug #667529). 2011-02-10 12:33:04 +00:00			`+`
			`+# Do not validate any file name from the input when the target`
			`+# is specified on the command line:`
			`+touch abs`
			+check 'emit_patch /absolute/path \| patch `pwd`/abs; echo status: $?' <<EOF
			+patching file `pwd`/abs
			`+status: 0`
			`+EOF`