]>
Commit | Line | Data |
---|---|---|
dd714b8a MT |
1 | Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net> |
2 | Date: 2005-08-09 | |
3 | Initial Package Version: 1.0.3 | |
4 | Upstream Status: Unknown. | |
5 | Origin: Jyri Ryska (RedHat) for fedora3 | |
6 | Description: Fixes filename sanitisation in bzgrep. | |
7 | This fixes CAN-2005-0758 (if a user can be tricked into running | |
8 | bzgrep in an untrusted directory containing files with carefully | |
9 | crafted filenames, arbitrary commands could be executed as the user | |
10 | running bzgrep). Risk is reported as low. I've modified it to force | |
11 | the interpreter to be bash, some of the other shells in use won't | |
12 | like the bash syntax. | |
13 | ||
14 | diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep | |
15 | --- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100 | |
16 | +++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100 | |
17 | @@ -1,4 +1,4 @@ | |
18 | -#!/bin/sh | |
19 | +#!/bin/bash | |
20 | ||
21 | # Bzgrep wrapped for bzip2, | |
22 | # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux. | |
23 | @@ -63,7 +63,11 @@ | |
24 | bzip2 -cdfq "$i" | $grep $opt "$pat" | |
25 | r=$? | |
26 | else | |
27 | - bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|" | |
28 | + j=${i//\\/\\\\} | |
29 | + j=${j//|/\\|} | |
30 | + j=${j//&/\\&} | |
31 | + j=`printf "%s" "$j" | tr '\n' ' '` | |
32 | + bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|" | |
33 | r=$? | |
34 | fi | |
35 | test "$r" -ne 0 && res="$r" |