36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
|
|
Date: 2005-08-09
|
|
Initial Package Version: 1.0.3
|
|
Upstream Status: Unknown.
|
|
Origin: Jyri Ryska (RedHat) for fedora3
|
|
Description: Fixes filename sanitisation in bzgrep.
|
|
This fixes CAN-2005-0758 (if a user can be tricked into running
|
|
bzgrep in an untrusted directory containing files with carefully
|
|
crafted filenames, arbitrary commands could be executed as the user
|
|
running bzgrep). Risk is reported as low. I've modified it to force
|
|
the interpreter to be bash, some of the other shells in use won't
|
|
like the bash syntax.
|
|
|
|
diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep
|
|
--- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100
|
|
+++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100
|
|
@@ -1,4 +1,4 @@
|
|
-#!/bin/sh
|
|
+#!/bin/bash
|
|
|
|
# Bzgrep wrapped for bzip2,
|
|
# adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux.
|
|
@@ -63,7 +63,11 @@
|
|
bzip2 -cdfq "$i" | $grep $opt "$pat"
|
|
r=$?
|
|
else
|
|
- bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|"
|
|
+ j=${i//\\/\\\\}
|
|
+ j=${j//|/\\|}
|
|
+ j=${j//&/\\&}
|
|
+ j=`printf "%s" "$j" | tr '\n' ' '`
|
|
+ bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
|
|
r=$?
|
|
fi
|
|
test "$r" -ne 0 && res="$r"
|