1 diff -up patch-2.6.1/Makefile.in.CVE-2010-4651 patch-2.6.1/Makefile.in
2 --- patch-2.6.1/Makefile.in.CVE-2010-4651 2009-12-30 12:56:30.000000000 +0000
3 +++ patch-2.6.1/Makefile.in 2011-02-10 12:29:32.926361705 +0000
4 @@ -192,6 +192,7 @@ installcheck::
6 tests/asymmetric-hunks \
7 tests/backup-prefix-suffix \
8 + tests/bad-filenames \
9 tests/corrupt-reject-files \
12 diff -up patch-2.6.1/src/common.h.CVE-2010-4651 patch-2.6.1/src/common.h
13 --- patch-2.6.1/src/common.h.CVE-2010-4651 2011-02-10 12:30:29.142797627 +0000
14 +++ patch-2.6.1/src/common.h 2011-02-10 12:30:33.566989729 +0000
15 @@ -169,6 +169,7 @@ XTERN char *revision; /* prerequisite
18 void fatal_exit (int) __attribute__ ((noreturn));
19 +void validate_target_name (char const *n);
22 #if !STDC_HEADERS && !defined errno
23 diff -up patch-2.6.1/src/patch.c.CVE-2010-4651 patch-2.6.1/src/patch.c
24 --- patch-2.6.1/src/patch.c.CVE-2010-4651 2011-02-10 12:30:20.721432124 +0000
25 +++ patch-2.6.1/src/patch.c 2011-02-10 12:30:33.567989772 +0000
34 @@ -916,6 +917,26 @@ numeric_string (char const *string,
39 +validate_target_name (char const *n)
42 + if (explicit_inname)
44 + if (IS_ABSOLUTE_FILE_NAME (p))
45 + fatal ("rejecting absolute target file name: %s", quotearg (p));
48 + if (*p == '.' && *++p == '.' && ( ! *++p || ISSLASH (*p)))
49 + fatal ("rejecting target file name with \"..\" component: %s",
51 + while (*p && ! ISSLASH (*p))
53 + while (ISSLASH (*p))
58 /* Attempt to find the right place to apply this hunk of patch. */
61 diff -up patch-2.6.1/src/pch.c.CVE-2010-4651 patch-2.6.1/src/pch.c
62 --- patch-2.6.1/src/pch.c.CVE-2010-4651 2009-12-30 12:56:30.000000000 +0000
63 +++ patch-2.6.1/src/pch.c 2011-02-10 12:30:33.573990033 +0000
65 /* Copyright (C) 1986, 1987, 1988 Larry Wall
67 Copyright (C) 1990, 1991, 1992, 1993, 1997, 1998, 1999, 2000, 2001,
68 - 2002, 2003, 2006, 2009 Free Software Foundation, Inc.
69 + 2002, 2003, 2006, 2009, 2011 Free Software Foundation, Inc.
71 This program is free software; you can redistribute it and/or modify
72 it under the terms of the GNU General Public License as published by
73 @@ -199,6 +199,8 @@ maybe_reverse (char const *name, bool no
75 bool looks_reversed = (! is_empty) < p_says_nonexistent[reverse ^ is_empty];
77 + validate_target_name (name);
81 ok_to_reverse ("The next patch%s would %s the file %s,\nwhich %s!",
82 @@ -725,6 +727,7 @@ intuit_diff_type (bool need_header)
83 inerrno = stat_errno[i];
84 invc = version_controlled[i];
86 + validate_target_name (inname);
90 diff -up patch-2.6.1/tests/bad-filenames.CVE-2010-4651 patch-2.6.1/tests/bad-filenames
91 --- patch-2.6.1/tests/bad-filenames.CVE-2010-4651 2011-02-10 12:29:32.931361921 +0000
92 +++ patch-2.6.1/tests/bad-filenames 2011-02-10 12:30:33.576990163 +0000
94 +# Copyright (C) 2011 Free Software Foundation, Inc.
96 +# Copying and distribution of this file, with or without modification,
97 +# in any medium, are permitted without royalty provided the copyright
98 +# notice and this notice are preserved.
100 +. $srcdir/test-lib.sh
105 +# ================================================================
117 +emit_patch() { emit_2 /dev/null "$1"; }
119 +# Ensure that patch rejects an output file name that is absolute
120 +# or that contains a ".." component.
122 +check 'emit_patch /absolute/path | patch -p0; echo status: $?' <<EOF
123 +$PATCH: **** rejecting absolute target file name: /absolute/path
127 +check 'emit_patch a/../z | patch -p0; echo status: $?' <<EOF
128 +$PATCH: **** rejecting target file name with ".." component: a/../z
132 +check 'emit_patch a/../z | patch -p1; echo status: $?' <<EOF
133 +$PATCH: **** rejecting target file name with ".." component: ../z
137 +check 'emit_patch a/.. | patch -p0; echo status: $?' <<EOF
138 +$PATCH: **** rejecting target file name with ".." component: a/..
142 +check 'emit_patch ../z | patch -p0; echo status: $?' <<EOF
143 +$PATCH: **** rejecting target file name with ".." component: ../z
147 +check 'emit_2 /abs/path target | patch -p0; echo status: $?' <<EOF
148 +patching file target
153 +check 'emit_2 /abs/path target | patch -R -p0; echo status: $?' <<EOF
154 +patching file target
158 +# Do not validate any file name from the input when the target
159 +# is specified on the command line:
161 +check 'emit_patch /absolute/path | patch `pwd`/abs; echo status: $?' <<EOF
162 +patching file `pwd`/abs