Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
util-linux-systemd
util-linux-bash-completion-shell-character-esca...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File util-linux-bash-completion-shell-character-escape-CVE-2018-7738.patch of Package util-linux-systemd
From 2c12297400859d012b101c049e328eb19f705fe8 Mon Sep 17 00:00:00 2001 From: Etienne Mollier <etienne.mollier@mailoo.org> Date: Thu, 21 May 2020 17:20:18 +0200 Subject: [PATCH] bash-completion/umount: shell charaters escape MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch brings support for automatic dangerous shell characters escape in umount autocompletion. Due to the very peculiar way for bash to handle autocompletion routines, proper escaping of the shell sequences only worked properly inside a function: _umount_point_list, which will add to the user's namespace at the next umount attempt of autocompleting mount point. It also translates calls of gensub to the portable alternatives sub and gsub, in order to allow the use of various awk implementations (mawk, Gnu, Busybox, etc), and as such kind of undoes a recent change to enforce the use of Gnu awk. The whole story landed into the Debian BTS initially: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933934 PS: It's been a few months since the patch is available, sorry for the delay; I only got myself a Github account quite recently... Signed-off-by: Étienne Mollier <etienne.mollier@mailoo.org> --- bash-completion/umount | 50 +++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 23 deletions(-) Index: b/bash-completion/umount =================================================================== --- a/bash-completion/umount +++ b/bash-completion/umount @@ -1,3 +1,27 @@ +_umount_points_list() +{ + # List of characters to escape shamelessly stolen from "scp" completion + local escape_chars='[][(){}<>\",:;^&!$=?`|\\'\'' \t\f\n\r\v]' + + findmnt -lno TARGET | awk '{ + if ($0 ~ "^"ENVIRON["HOME"]) { + homeless = $0 + sub("^"ENVIRON["HOME"], "~", homeless) + gsub("'"$escape_chars"'", "\\\\&", homeless) + print homeless " " + } + if ($0 ~ "^"ENVIRON["PWD"]) { + reldir = $0 + sub("^"ENVIRON["PWD"]"/?", "", reldir) + gsub("'"$escape_chars"'", "\\\\&", reldir) + print "./" reldir " " + print reldir " " + } + gsub("'"$escape_chars"'", "\\\\&") + print $0 " " + }' +} + _umount_module() { local cur prev OPTS @@ -41,9 +65,7 @@ _umount_module() ;; esac - local oldifs=$IFS - IFS=$'\n' - COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) ) - IFS=$oldifs + local IFS=$'\n' + COMPREPLY=( $( compgen -W '$( _umount_points_list )' -- "$cur" ) ) } -complete -F _umount_module umount +complete -F _umount_module -o nospace umount
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor