From e01bb64aeb0409d4ef6264cfdac5e1a248dd980d Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sun, 30 Jul 2017 17:11:24 -0700
Subject: [PATCH] copy: sanity-check --suffix

* src/cp.c, src/install.c, src/ln.c, src/mv.c (main): Use set_simple_backup_suffix, to sanity-check the user-supplied backup suffix.
---
 NEWS | 4 ++++
 src/cp.c | 4 +++-
 src/install.c | 4 +++-
 src/ln.c | 4 +++-
 src/mv.c | 4 +++-
 5 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 7c22ebbb42..13bbc9606c 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,10 @@ GNU coreutils NEWS -*- outline -*-
 now makes a numbered backup file instead of losing the data.
 [the bug dates back to the initial implementation]
+ cp, install, ln, and mv now ignore nonsensical backup suffixes.
+ For example, --suffix='/' and --suffix='' are now no-ops.
+ [the bug dates back to the initial implementation]
+
 date and touch no longer overwrite the heap with large user specified TZ values (CVE-2017-7476).
 [bug introduced in coreutils-8.27]
diff --git a/src/cp.c b/src/cp.c
index a6f0c64a8f..6949a677e3 100644
--- a/src/cp.c
+++ b/src/cp.c
@@ -930,6 +930,7 @@ main (int argc, char **argv)
 int c;
 bool ok;
 bool make_backups = false;
+ char const *backup_suffix = NULL;
 char *version_control_string = NULL;
 struct cp_options x;
 bool copy_contents = false;
@@ -1126,7 +1127,7 @@ main (int argc, char **argv)
 case 'S':
 make_backups = true;
- simple_backup_suffix = optarg;
+ backup_suffix = optarg;
 break;
 case_GETOPT_HELP_CHAR;
@@ -1161,6 +1162,7 @@ main (int argc, char **argv)
 ? xget_version (_("backup type"), version_control_string) : no_backups);
+ set_simple_backup_suffix (backup_suffix);
 if (x.dereference == DEREF_UNDEFINED) {
diff --git a/src/install.c b/src/install.c
index 592c3452ae..5b68261129 100644
--- a/src/install.c
+++ b/src/install.c
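Review bot: In src/cp.c's `case 'S':` hunk, `make_backups = true;` stays unconditional, so a suffix that NEWS now describes as a no-op (`--suffix=''`, `--suffix='/'`) still switches backups on; only the suffix value is discarded afterwards. If that is the intent, a comment above the assignment would make it explicit, for example `/* -S always enables backups; the suffix itself is checked later by set_simple_backup_suffix.  */`. The matching `case 'S':` hunks in src/install.c, src/ln.c and src/mv.c read the same way. The enclosing switch and main start and end outside the hunk.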
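Review bot: The added `set_simple_backup_suffix (backup_suffix);` in src/cp.c runs whether or not -S was given, so it receives NULL in the common case, and per NEWS a rejected suffix is ignored without any diagnostic; the helper's body is not part of this diff, so both behaviours have to be taken on trust here. A suffix containing '/' can change which directory the backup name resolves in, so the check deserves a regression test, and the diffstat lists only NEWS and the four src files. I would add a comment at the call such as `/* backup_suffix is NULL when -S was not given.  */` and consider warning the user rather than falling back quietly. The identical calls in src/install.c, src/ln.c and src/mv.c have the same gap.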
@@ -796,6 +796,7 @@ main (int argc, char **argv)
 int exit_status = EXIT_SUCCESS;
 const char *specified_mode = NULL;
 bool make_backups = false;
+ char const *backup_suffix = NULL;
 char *version_control_string = NULL;
 bool mkdir_and_install = false;
 struct cp_options x;
@@ -873,7 +874,7 @@ main (int argc, char **argv)
 break;
 case 'S':
 make_backups = true;
- simple_backup_suffix = optarg;
+ backup_suffix = optarg;
 break;
 case 't':
 if (target_directory)
@@ -949,6 +950,7 @@ main (int argc, char **argv)
 ? xget_version (_("backup type"), version_control_string) : no_backups);
+ set_simple_backup_suffix (backup_suffix);
 if (x.preserve_security_context && (x.set_security_context || scontext)) die (EXIT_FAILURE, 0,
diff --git a/src/ln.c b/src/ln.c
index a70b7d50fe..e86f581b9e 100644
--- a/src/ln.c
+++ b/src/ln.c
@@ -438,6 +438,7 @@ main (int argc, char **argv)
 int c;
 bool ok;
 bool make_backups = false;
+ char const *backup_suffix = NULL;
 char *version_control_string = NULL;
 char const *target_directory = NULL;
 bool no_target_directory = false;
@@ -515,7 +516,7 @@ main (int argc, char **argv)
 break;
 case 'S':
 make_backups = true;
- simple_backup_suffix = optarg;
+ backup_suffix = optarg;
 break;
 case_GETOPT_HELP_CHAR;
 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
@@ -565,6 +566,7 @@ main (int argc, char **argv)
 backup_type = (make_backups ? xget_version (_("backup type"), version_control_string) : no_backups);
+ set_simple_backup_suffix (backup_suffix);
 if (relative && !symbolic_link) {
diff --git a/src/mv.c b/src/mv.c
index a6c6e3978f..fc1fca415d 100644
--- a/src/mv.c
+++ b/src/mv.c
@@ -336,6 +336,7 @@ main (int argc, char **argv)
 int c;
 bool ok;
 bool make_backups = false;
+ char const *backup_suffix = NULL;
 char *version_control_string = NULL;
 struct cp_options x;
 char *target_directory = NULL;
@@ -405,7 +406,7 @@ main (int argc, char **argv)
 break;
 case 'S':
 make_backups = true;
- simple_backup_suffix = optarg;
+ backup_suffix = optarg;
 break;
 case 'Z':
 /* As a performance enhancement, don't even bother trying
@@ -469,6 +470,7 @@ main (int argc, char **argv)
 ? xget_version (_("backup type"), version_control_string) : no_backups);
+ set_simple_backup_suffix (backup_suffix);
 hash_init ();
--
2.47.2