Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Factory:zSystems
patch
ed-style-04-invoke-ed-directly.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ed-style-04-invoke-ed-directly.patch of Package patch
From: Andreas Gruenbacher <agruen@gnu.org> Date: Fri, 6 Apr 2018 19:36:15 +0200 Subject: Invoke ed directly instead of using the shell Git-commit: 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Patch-mainline: yes References: bsc#1088420, savannah#53566, CVE-2018-1000156 * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell command to avoid quoting vulnerabilities. --- src/pch.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/src/pch.c +++ b/src/pch.c @@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c *outname_needs_removal = true; copy_file (inname, outname, 0, exclusive, instat.st_mode, true); } - sprintf (buf, "%s %s%s", editor_program, - verbosity == VERBOSE ? "" : "- ", - outname); fflush (stdout); pid = fork(); @@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c else if (pid == 0) { dup2 (tmpfd, 0); - execl ("/bin/sh", "sh", "-c", buf, (char *) 0); + assert (outname[0] != '!' && outname[0] != '-'); + execlp (editor_program, editor_program, "-", outname, (char *) NULL); _exit (2); } else
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor