Pass -S to ed(1) so that patches containing ! commands don't run commands.

Real cause of CVS-2018-0492: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667)
2018-04-05 18:50:10 +00:00 · 2018-04-05 18:50:10 +00:00 · 019d365a3a
parent c02518ebec
commit 019d365a3a
1 changed files with 4 additions and 4 deletions
--- a/usr.bin/patch/pch.c
+++ b/usr.bin/patch/pch.c
@ -1,7 +1,7 @@
 /*
 * $OpenBSD: pch.c,v 1.37 2007/09/02 15:19:33 deraadt Exp $
 * $DragonFly: src/usr.bin/patch/pch.c,v 1.6 2008/08/10 23:35:40 joerg Exp $
- * $NetBSD: pch.c,v 1.28 2015/07/30 21:47:51 christos Exp $
+ * $NetBSD: pch.c,v 1.29 2018/04/05 18:50:10 christos Exp $
 */

 /*
@ -31,7 +31,7 @@
 */

 #include <sys/cdefs.h>
-__RCSID("$NetBSD: pch.c,v 1.28 2015/07/30 21:47:51 christos Exp $");
+__RCSID("$NetBSD: pch.c,v 1.29 2018/04/05 18:50:10 christos Exp $");

 #include <sys/types.h>
 #include <sys/stat.h>
@ -1414,8 +1414,8 @@ do_ed_script(void)
 			unlink(TMPOUTNAME);
 			fatal("can't create temp file %s", TMPOUTNAME);
 		}
-		snprintf(buf, buf_len, "%s%s%s", _PATH_ED,
-		    verbose ? " " : " -s ", TMPOUTNAME);
+		snprintf(buf, buf_len, "%s -S%s %s", _PATH_ED,
+		    verbose ? "" : "s", TMPOUTNAME);
 		pipefp = popen(buf, "w");
 	}
 	for (;;) {