165 lines
4.9 KiB
Diff
165 lines
4.9 KiB
Diff
diff -up patch-2.6.1/Makefile.in.CVE-2010-4651 patch-2.6.1/Makefile.in
|
|
--- patch-2.6.1/Makefile.in.CVE-2010-4651 2009-12-30 12:56:30.000000000 +0000
|
|
+++ patch-2.6.1/Makefile.in 2011-02-10 12:29:32.926361705 +0000
|
|
@@ -192,6 +192,7 @@ installcheck::
|
|
TESTS = \
|
|
tests/asymmetric-hunks \
|
|
tests/backup-prefix-suffix \
|
|
+ tests/bad-filenames \
|
|
tests/corrupt-reject-files \
|
|
tests/create-delete \
|
|
tests/crlf-handling \
|
|
diff -up patch-2.6.1/src/common.h.CVE-2010-4651 patch-2.6.1/src/common.h
|
|
--- patch-2.6.1/src/common.h.CVE-2010-4651 2011-02-10 12:30:29.142797627 +0000
|
|
+++ patch-2.6.1/src/common.h 2011-02-10 12:30:33.566989729 +0000
|
|
@@ -169,6 +169,7 @@ XTERN char *revision; /* prerequisite
|
|
#endif
|
|
|
|
void fatal_exit (int) __attribute__ ((noreturn));
|
|
+void validate_target_name (char const *n);
|
|
|
|
#include <errno.h>
|
|
#if !STDC_HEADERS && !defined errno
|
|
diff -up patch-2.6.1/src/patch.c.CVE-2010-4651 patch-2.6.1/src/patch.c
|
|
--- patch-2.6.1/src/patch.c.CVE-2010-4651 2011-02-10 12:30:20.721432124 +0000
|
|
+++ patch-2.6.1/src/patch.c 2011-02-10 12:30:33.567989772 +0000
|
|
@@ -34,6 +34,7 @@
|
|
#include <util.h>
|
|
#include <version.h>
|
|
#include <xalloc.h>
|
|
+#include <dirname.h>
|
|
|
|
/* procedures */
|
|
|
|
@@ -916,6 +917,26 @@ numeric_string (char const *string,
|
|
return value;
|
|
}
|
|
|
|
+void
|
|
+validate_target_name (char const *n)
|
|
+{
|
|
+ char const *p = n;
|
|
+ if (explicit_inname)
|
|
+ return;
|
|
+ if (IS_ABSOLUTE_FILE_NAME (p))
|
|
+ fatal ("rejecting absolute target file name: %s", quotearg (p));
|
|
+ while (*p)
|
|
+ {
|
|
+ if (*p == '.' && *++p == '.' && ( ! *++p || ISSLASH (*p)))
|
|
+ fatal ("rejecting target file name with \"..\" component: %s",
|
|
+ quotearg (n));
|
|
+ while (*p && ! ISSLASH (*p))
|
|
+ p++;
|
|
+ while (ISSLASH (*p))
|
|
+ p++;
|
|
+ }
|
|
+}
|
|
+
|
|
/* Attempt to find the right place to apply this hunk of patch. */
|
|
|
|
static LINENUM
|
|
diff -up patch-2.6.1/src/pch.c.CVE-2010-4651 patch-2.6.1/src/pch.c
|
|
--- patch-2.6.1/src/pch.c.CVE-2010-4651 2009-12-30 12:56:30.000000000 +0000
|
|
+++ patch-2.6.1/src/pch.c 2011-02-10 12:30:33.573990033 +0000
|
|
@@ -3,7 +3,7 @@
|
|
/* Copyright (C) 1986, 1987, 1988 Larry Wall
|
|
|
|
Copyright (C) 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2000, 2001,
|
|
- 2002, 2003, 2006, 2009 Free Software Foundation, Inc.
|
|
+ 2002, 2003, 2006, 2009, 2011 Free Software Foundation, Inc.
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
@@ -199,6 +199,8 @@ maybe_reverse (char const *name, bool no
|
|
{
|
|
bool looks_reversed = (! is_empty) < p_says_nonexistent[reverse ^ is_empty];
|
|
|
|
+ validate_target_name (name);
|
|
+
|
|
if (looks_reversed)
|
|
reverse ^=
|
|
ok_to_reverse ("The next patch%s would %s the file %s,\nwhich %s!",
|
|
@@ -725,6 +727,7 @@ intuit_diff_type (bool need_header)
|
|
inerrno = stat_errno[i];
|
|
invc = version_controlled[i];
|
|
instat = st[i];
|
|
+ validate_target_name (inname);
|
|
}
|
|
|
|
return retval;
|
|
diff -up patch-2.6.1/tests/bad-filenames.CVE-2010-4651 patch-2.6.1/tests/bad-filenames
|
|
--- patch-2.6.1/tests/bad-filenames.CVE-2010-4651 2011-02-10 12:29:32.931361921 +0000
|
|
+++ patch-2.6.1/tests/bad-filenames 2011-02-10 12:30:33.576990163 +0000
|
|
@@ -0,0 +1,71 @@
|
|
+# Copyright (C) 2011 Free Software Foundation, Inc.
|
|
+#
|
|
+# Copying and distribution of this file, with or without modification,
|
|
+# in any medium, are permitted without royalty provided the copyright
|
|
+# notice and this notice are preserved.
|
|
+
|
|
+. $srcdir/test-lib.sh
|
|
+
|
|
+use_local_patch
|
|
+use_tmpdir
|
|
+
|
|
+# ================================================================
|
|
+
|
|
+emit_2()
|
|
+{
|
|
+cat <<EOF
|
|
+--- $1
|
|
++++ $2
|
|
+@@ -0,0 +1 @@
|
|
++x
|
|
+EOF
|
|
+}
|
|
+
|
|
+emit_patch() { emit_2 /dev/null "$1"; }
|
|
+
|
|
+# Ensure that patch rejects an output file name that is absolute
|
|
+# or that contains a ".." component.
|
|
+
|
|
+check 'emit_patch /absolute/path | patch -p0; echo status: $?' <<EOF
|
|
+$PATCH: **** rejecting absolute target file name: /absolute/path
|
|
+status: 2
|
|
+EOF
|
|
+
|
|
+check 'emit_patch a/../z | patch -p0; echo status: $?' <<EOF
|
|
+$PATCH: **** rejecting target file name with ".." component: a/../z
|
|
+status: 2
|
|
+EOF
|
|
+
|
|
+check 'emit_patch a/../z | patch -p1; echo status: $?' <<EOF
|
|
+$PATCH: **** rejecting target file name with ".." component: ../z
|
|
+status: 2
|
|
+EOF
|
|
+
|
|
+check 'emit_patch a/.. | patch -p0; echo status: $?' <<EOF
|
|
+$PATCH: **** rejecting target file name with ".." component: a/..
|
|
+status: 2
|
|
+EOF
|
|
+
|
|
+check 'emit_patch ../z | patch -p0; echo status: $?' <<EOF
|
|
+$PATCH: **** rejecting target file name with ".." component: ../z
|
|
+status: 2
|
|
+EOF
|
|
+
|
|
+check 'emit_2 /abs/path target | patch -p0; echo status: $?' <<EOF
|
|
+patching file target
|
|
+status: 0
|
|
+EOF
|
|
+
|
|
+echo x > target
|
|
+check 'emit_2 /abs/path target | patch -R -p0; echo status: $?' <<EOF
|
|
+patching file target
|
|
+status: 0
|
|
+EOF
|
|
+
|
|
+# Do not validate any file name from the input when the target
|
|
+# is specified on the command line:
|
|
+touch abs
|
|
+check 'emit_patch /absolute/path | patch `pwd`/abs; echo status: $?' <<EOF
|
|
+patching file `pwd`/abs
|
|
+status: 0
|
|
+EOF
|