aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
blob: f60dfe879aff556ca52073f794f91de0baee1b9b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri, 6 Apr 2018 19:36:15 +0200
Subject: [PATCH] Invoke ed directly instead of using the shell

* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
command to avoid quoting vulnerabilities.

CVE: CVE-2019-13638
Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>

---
 src/pch.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)


diff --git a/src/pch.c b/src/pch.c
index 4fd5a05..16e001a 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
 	    *outname_needs_removal = true;
 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
 	  }
-	sprintf (buf, "%s %s%s", editor_program,
-		 verbosity == VERBOSE ? "" : "- ",
-		 outname);
 	fflush (stdout);
 
 	pid = fork();
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
 	else if (pid == 0)
 	  {
 	    dup2 (tmpfd, 0);
-	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+	    assert (outname[0] != '!' && outname[0] != '-');
+	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
 	    _exit (2);
 	  }
 	else
-- 
2.7.4