060-CVE-2019-13638.patch 1.2 KB

1234567891011121314151617181920212223242526272829303132333435363738
  1. From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
  2. From: Andreas Gruenbacher <agruen@gnu.org>
  3. Date: Fri, 6 Apr 2018 19:36:15 +0200
  4. Subject: Invoke ed directly instead of using the shell
  5. * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
  6. command to avoid quoting vulnerabilities.
  7. ---
  8. src/pch.c | 6 ++----
  9. 1 file changed, 2 insertions(+), 4 deletions(-)
  10. diff --git a/src/pch.c b/src/pch.c
  11. index 4fd5a05..16e001a 100644
  12. --- a/src/pch.c
  13. +++ b/src/pch.c
  14. @@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
  15. *outname_needs_removal = true;
  16. copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
  17. }
  18. - sprintf (buf, "%s %s%s", editor_program,
  19. - verbosity == VERBOSE ? "" : "- ",
  20. - outname);
  21. fflush (stdout);
  22. pid = fork();
  23. @@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
  24. else if (pid == 0)
  25. {
  26. dup2 (tmpfd, 0);
  27. - execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
  28. + assert (outname[0] != '!' && outname[0] != '-');
  29. + execlp (editor_program, editor_program, "-", outname, (char *) NULL);
  30. _exit (2);
  31. }
  32. else
  33. --
  34. cgit v1.0-41-gc330