File: fix-CVE-2018-20685-and-CVE-2019-6111.patch

package info (click to toggle)
netkit-rsh 0.17-20
  • links: PTS
  • area: main
  • in suites: buster
  • size: 824 kB
  • sloc: ansic: 3,825; makefile: 137; perl: 136; sh: 29
file content (20 lines) | stat: -rw-r--r-- 831 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
 
Description: Fix CVE-2018-20685 and CVE-2019-6111
Bug-Debian: https://bugs.debian.org/920486
Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114

Index: netkit-rsh/rcp/rcp.c
===================================================================
--- netkit-rsh.orig/rcp/rcp.c	2019-01-28 16:30:24.396240311 +0100
+++ netkit-rsh/rcp/rcp.c	2019-01-28 16:37:53.927805155 +0100
@@ -747,6 +747,11 @@
 			size = size * 10 + (*cp++ - '0');
 		if (*cp++ != ' ')
 			SCREWUP("size not delimited");
+		if (*cp == '\0' || strchr(cp, '/') != NULL ||
+		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+			error("error: unexpected filename: %s", cp);
+			exit(1);
+		}
 		if (targisdir) {
 			char *newbuf;
 			int need = strlen(targ) + strlen(cp) + 2;