Pull up following revision(s) (requested by christos in ticket #543):
external/gpl2/xcvs/dist/src/rsh-client.c: 1.3 Fix for CVE-2017-12836; (cvs command injection) from MirBSD.
This commit is contained in:
parent
c4616d3a1b
commit
b74bc0c9a0
|
@ -10,7 +10,7 @@
|
|||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details. */
|
||||
#include <sys/cdefs.h>
|
||||
__RCSID("$NetBSD: rsh-client.c,v 1.2 2016/05/17 14:00:09 christos Exp $");
|
||||
__RCSID("$NetBSD: rsh-client.c,v 1.2.8.1 2018/02/12 00:20:01 snj Exp $");
|
||||
|
||||
#include <config.h>
|
||||
|
||||
|
@ -55,11 +55,11 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
|
|||
char *cvs_server = (root->cvs_server != NULL
|
||||
? root->cvs_server : getenv ("CVS_SERVER"));
|
||||
int i = 0;
|
||||
/* This needs to fit "rsh", "-b", "-l", "USER", "host",
|
||||
/* This needs to fit "rsh", "-b", "-l", "USER", "--", "host",
|
||||
"cmd (w/ args)", and NULL. We leave some room to grow. */
|
||||
char *rsh_argv[10];
|
||||
char *rsh_argv[16];
|
||||
|
||||
if (!cvs_rsh)
|
||||
if (!cvs_rsh || !*cvs_rsh)
|
||||
/* People sometimes suggest or assume that this should default
|
||||
to "remsh" on systems like HPUX in which that is the
|
||||
system-supplied name for the rsh program. However, that
|
||||
|
@ -99,6 +99,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
|
|||
rsh_argv[i++] = root->username;
|
||||
}
|
||||
|
||||
/* Only non-option arguments from here. (CVE-2017-12836) */
|
||||
rsh_argv[i++] = "--";
|
||||
|
||||
rsh_argv[i++] = root->hostname;
|
||||
rsh_argv[i++] = cvs_server;
|
||||
rsh_argv[i++] = "server";
|
||||
|
@ -159,7 +162,7 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
|
|||
command = Xasprintf ("%s server", cvs_server);
|
||||
|
||||
{
|
||||
char *argv[10];
|
||||
char *argv[16];
|
||||
char **p = argv;
|
||||
|
||||
*p++ = cvs_rsh;
|
||||
|
@ -173,6 +176,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
|
|||
*p++ = root->username;
|
||||
}
|
||||
|
||||
*p++ = "--";
|
||||
|
||||
*p++ = root->hostname;
|
||||
*p++ = command;
|
||||
*p++ = NULL;
|
||||
|
|
Loading…
Reference in New Issue