Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
167 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
From 19599883ffb6a450d2884f081f8ecf68edbed7ee Mon Sep 17 00:00:00 2001 | ||
From: Jean Delvare <jdelvare@suse.de> | ||
Date: Thu, 3 May 2018 14:31:55 +0200 | ||
Subject: [PATCH] Don't leak temporary file on failed ed-style patch | ||
|
||
Now that we write ed-style patches to a temporary file before we | ||
apply them, we need to ensure that the temporary file is removed | ||
before we leave, even on fatal error. | ||
|
||
* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local | ||
tmpname. Don't unlink the file directly, instead tag it for removal | ||
at exit time. | ||
* src/patch.c (cleanup): Unlink TMPEDNAME at exit. | ||
|
||
This closes bug #53820: | ||
https://savannah.gnu.org/bugs/index.php?53820 | ||
|
||
Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)") | ||
--- | ||
src/common.h | 2 ++ | ||
src/patch.c | 1 + | ||
src/pch.c | 11 +++++------ | ||
3 files changed, 8 insertions(+), 6 deletions(-) | ||
|
||
diff --git a/src/common.h b/src/common.h | ||
index 904a3f8..53c5e32 100644 | ||
--- a/src/common.h | ||
+++ b/src/common.h | ||
@@ -94,10 +94,12 @@ XTERN char const *origsuff; | ||
XTERN char const * TMPINNAME; | ||
XTERN char const * TMPOUTNAME; | ||
XTERN char const * TMPPATNAME; | ||
+XTERN char const * TMPEDNAME; | ||
|
||
XTERN bool TMPINNAME_needs_removal; | ||
XTERN bool TMPOUTNAME_needs_removal; | ||
XTERN bool TMPPATNAME_needs_removal; | ||
+XTERN bool TMPEDNAME_needs_removal; | ||
|
||
#ifdef DEBUGGING | ||
XTERN int debug; | ||
diff --git a/src/patch.c b/src/patch.c | ||
index 3fcaec5..9146597 100644 | ||
--- a/src/patch.c | ||
+++ b/src/patch.c | ||
@@ -1999,6 +1999,7 @@ cleanup (void) | ||
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal); | ||
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal); | ||
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal); | ||
+ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal); | ||
remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal); | ||
output_files (NULL); | ||
} | ||
diff --git a/src/pch.c b/src/pch.c | ||
index 79a3c99..1bb3153 100644 | ||
--- a/src/pch.c | ||
+++ b/src/pch.c | ||
@@ -2396,7 +2396,6 @@ do_ed_script (char const *inname, char const *outname, | ||
file_offset beginning_of_this_line; | ||
size_t chars_read; | ||
FILE *tmpfp = 0; | ||
- char const *tmpname; | ||
int tmpfd; | ||
pid_t pid; | ||
|
||
@@ -2411,12 +2410,13 @@ do_ed_script (char const *inname, char const *outname, | ||
invalid commands and treats the next line as a new command, which | ||
can lead to arbitrary command execution. */ | ||
|
||
- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); | ||
+ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0); | ||
if (tmpfd == -1) | ||
- pfatal ("Can't create temporary file %s", quotearg (tmpname)); | ||
+ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME)); | ||
+ TMPEDNAME_needs_removal = true; | ||
tmpfp = fdopen (tmpfd, "w+b"); | ||
if (! tmpfp) | ||
- pfatal ("Can't open stream for file %s", quotearg (tmpname)); | ||
+ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME)); | ||
} | ||
|
||
for (;;) { | ||
@@ -2457,7 +2457,7 @@ do_ed_script (char const *inname, char const *outname, | ||
write_fatal (); | ||
|
||
if (lseek (tmpfd, 0, SEEK_SET) == -1) | ||
- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); | ||
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME)); | ||
|
||
if (inerrno != ENOENT) | ||
{ | ||
@@ -2484,7 +2484,6 @@ do_ed_script (char const *inname, char const *outname, | ||
pfatal ("Failed to duplicate standard input"); | ||
|
||
fclose (tmpfp); | ||
- safe_unlink (tmpname); | ||
|
||
if (ofp) | ||
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# POWER Maintainer: Alexander Baldeck <alex.bldck@gmail.com> | ||
# Maintainer: Sébastien Luttringer <seblu@archlinux.org> | ||
# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> | ||
# Contributor: Allan McRae <allan@archlinux.org> | ||
# Contributor: judd <jvinet@zeroflux.org> | ||
|
||
pkgname=patch | ||
pkgver=2.7.6 | ||
pkgrel=8 | ||
pkgdesc='A utility to apply patch files to original sources' | ||
arch=(x86_64 powerpc64le) | ||
url='https://www.gnu.org/software/patch/' | ||
license=('GPL') | ||
groups=('base-devel') | ||
depends=('glibc' 'attr') | ||
makedepends=('ed') | ||
optdepends=('ed: for patch -e functionality') | ||
validpgpkeys=('259B3792B3D6D319212CC4DCD5BF9FEB0313653A') # Andreas Gruenbacher | ||
source=("https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig} | ||
'https://github.com/mirror/patch/commit/f290f48a621867084884bfff87f8093c15195e6a.patch' # CVE-2018-6951 | ||
'https://github.com/mirror/patch/commit/b5a91a01e5d0897facdd0f49d64b76b0f02b43e1.patch' | ||
'https://github.com/mirror/patch/commit/123eaff0d5d1aebe128295959435b9ca5909c26d.patch' # CVE-2018-1000156 | ||
'https://github.com/mirror/patch/commit/3fcd042d26d70856e826a42b5f93dc4854d80bf0.patch' | ||
'19599883ffb6a450d2884f081f8ecf68edbed7ee.patch' # Fix memory leaks introduced in CVE-2018-1000165 | ||
'https://github.com/mirror/patch/commit/369dcccdfa6336e5a873d6d63705cfbe04c55727.patch' | ||
'https://github.com/mirror/patch/commit/9c986353e420ead6e706262bf204d6e03322c300.patch' # CVE-2018-6952 | ||
) | ||
sha256sums=('ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd' | ||
'SKIP' | ||
'38d28c34524c6ac4585d47e0fe8349508e9e4b014872798cb2bf2bc48e5af2d4' | ||
'b7829673090bcd74110ac040cc6e503113ef770e48d34758c04418cf9c8bfa87' | ||
'9158cb3cd4bed0c4fe5a7f1254e0e2642e0ad583dc8b5df8ee296a13d695270d' | ||
'473f8a7fa8152a3c7803633e2a3072dab545b74377ea618451ceda4283643364' | ||
'6d64a8b8ddfb802ec0aa804388eb5ef51ac808c7a5c111d10490c270eb4fe727' | ||
'e1fc8a8aa2cad71b2a6207241ea71a33a7e3dacb8533ad54af35170c5a6562d1' | ||
'4b9e81985ca057fa39daed34a4710eb113f08b3d1ce77a7121ddd8e3fae8007a') | ||
|
||
prepare() { | ||
cd $pkgname-$pkgver | ||
# apply patch from the source array (should be a pacman feature) | ||
local src | ||
for src in "${source[@]}"; do | ||
src="${src%%::*}" | ||
src="${src##*/}" | ||
[[ $src = *.patch ]] || continue | ||
msg2 "Applying patch $src..." | ||
patch -Np1 < "../$src" | ||
done | ||
autoreconf -fiv | ||
} | ||
|
||
build() { | ||
cd $pkgname-$pkgver | ||
./configure --prefix=/usr | ||
make | ||
} | ||
|
||
check() { | ||
cd $pkgname-$pkgver | ||
make check | ||
} | ||
|
||
package() { | ||
cd $pkgname-$pkgver | ||
make DESTDIR="$pkgdir" install | ||
} | ||
|
||
# vim:set ts=2 sw=2 et: |