Diffstat (limited to 'meta/recipes-extended/less/less/CVE-2024-32487.patch')
-rw-r--r--meta/recipes-extended/less/less/CVE-2024-32487.patch69
1 files changed, 69 insertions, 0 deletions
diff --git a/meta/recipes-extended/less/less/CVE-2024-32487.patch b/meta/recipes-extended/less/less/CVE-2024-32487.patch
new file mode 100644
index 0000000000..d5c8b9ce31
--- /dev/null
+++ b/meta/recipes-extended/less/less/CVE-2024-32487.patch
@@ -0,0 +1,69 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/less/tree/debian/patches/CVE-2024-32487.patch?h=ubuntu/jammy-security
+Upstream commit https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33]
+CVE: CVE-2024-32487
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ filename.c | 31 +++++++++++++++++++++++++------
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+--- a/filename.c
++++ b/filename.c
+@@ -136,6 +136,15 @@ metachar(c)
+ }
+
+ /*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++ /* {{ Maybe the set of must_quote chars should be configurable? }} */
++ return (c == '\n');
++}
++
++/*
+ * Insert a backslash before each metacharacter in a string.
+ */
+ public char *
+@@ -168,6 +177,9 @@ shell_quote(s)
+ * doesn't support escape chars. Use quotes.
+ */
+ use_quotes = 1;
++ } else if (must_quote(*p))
++ {
++ len += 3; /* open quote + char + close quote */
+ } else
+ {
+ /*
+@@ -197,15 +209,22 @@ shell_quote(s)
+ {
+ while (*s != '\0')
+ {
+- if (metachar(*s))
++ if (!metachar(*s))
+ {
+- /*
+- * Add the escape char.
+- */
++ *p++ = *s++;
++ } else if (must_quote(*s))
++ {
++ /* Surround the char with quotes. */
++ *p++ = openquote;
++ *p++ = *s++;
++ *p++ = closequote;
++ } else
++ {
++ /* Insert an escape char before the char. */
+ strcpy(p, esc);
+ p += esclen;
++ *p++ = *s++;
+ }
+- *p++ = *s++;
+ }
+ *p = '\0';
+ }
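Review bot: In the copy loop of shell_quote(), `must_quote(*s)` is only reached after `metachar(*s)` has returned true, so the newline quoting takes effect only while '\n' is in the metachar set; the length pass appears to nest its `must_quote(*p)` test the same way, though its enclosing condition is outside the hunk. If that set can be changed at run time (not visible here; confirm against metachar() in the less version this is backported to), a configuration without '\n' would copy the newline through unquoted. I would document the dependency on must_quote(), e.g. `/* Only consulted for chars metachar() accepts; '\n' must stay in the metachar set. */`. Any later reordering of these tests has to change both passes together, since the first one sizes the buffer the second one writes into.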