forked from mirrors/nixpkgs
cvs: fix CVE-2017-12836
This patch is based on the work of the patch from Thorsten Glaser (MirBSD) [1] [1] http://www.mirbsd.org/cvs.cgi/src/gnu/usr.bin/cvs/src/rsh-client.c.diff?r1=1.6;r2=1.7
This commit is contained in:
parent
cfafd6f5a8
commit
d0c8c66068
|
@ -0,0 +1,29 @@
|
||||||
|
--- a/src/rsh-client.c.orig 2005-10-02 17:17:21.000000000 +0200
|
||||||
|
+++ b/src/rsh-client.c 2017-11-07 16:56:06.957370469 +0100
|
||||||
|
@@ -53,7 +53,7 @@
|
||||||
|
char *cvs_server = (root->cvs_server != NULL
|
||||||
|
? root->cvs_server : getenv ("CVS_SERVER"));
|
||||||
|
int i = 0;
|
||||||
|
- /* This needs to fit "rsh", "-b", "-l", "USER", "host",
|
||||||
|
+ /* This needs to fit "rsh", "-b", "-l", "USER", "--", "host",
|
||||||
|
"cmd (w/ args)", and NULL. We leave some room to grow. */
|
||||||
|
char *rsh_argv[10];
|
||||||
|
|
||||||
|
@@ -97,6 +97,9 @@
|
||||||
|
rsh_argv[i++] = root->username;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Only non-option arguments from here. (CVE-2017-12836) */
|
||||||
|
+ rsh_argv[i++] = "--";
|
||||||
|
+
|
||||||
|
rsh_argv[i++] = root->hostname;
|
||||||
|
rsh_argv[i++] = cvs_server;
|
||||||
|
rsh_argv[i++] = "server";
|
||||||
|
@@ -171,6 +174,7 @@
|
||||||
|
*p++ = root->username;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ *p++ = "--";
|
||||||
|
*p++ = root->hostname;
|
||||||
|
*p++ = command;
|
||||||
|
*p++ = NULL;
|
|
@ -11,6 +11,7 @@ stdenv.mkDerivation {
|
||||||
patches = [
|
patches = [
|
||||||
./getcwd-chroot.patch
|
./getcwd-chroot.patch
|
||||||
./CVE-2012-0804.patch
|
./CVE-2012-0804.patch
|
||||||
|
./CVE-2017-12836.patch
|
||||||
];
|
];
|
||||||
|
|
||||||
hardeningDisable = [ "fortify" "format" ];
|
hardeningDisable = [ "fortify" "format" ];
|
||||||
|
|
Loading…
Reference in a new issue