Diffstat (limited to 'dev-lang/rust/files/1.63.0-CVE-2022-36113.patch')
-rw-r--r--dev-lang/rust/files/1.63.0-CVE-2022-36113.patch48
1 files changed, 48 insertions, 0 deletions
diff --git a/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch b/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch
new file mode 100644
index 000000000000..a87687dce387
--- /dev/null
+++ b/dev-lang/rust/files/1.63.0-CVE-2022-36113.patch
@@ -0,0 +1,48 @@
+From 97b80919e404b0768ea31ae329c3b4da54bed05a Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Thu, 18 Aug 2022 17:17:19 +0200
+Subject: [PATCH] CVE-2022-36113: avoid unpacking .cargo-ok from the crate
+
+---
+ src/cargo/sources/registry/mod.rs | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+gyakovlev: 'sed -i 's|/src/cargo|/src/tools/cargo/src/cargo|g'
+
+diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+index c17b822fd0..a2863bf78a 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+@@ -639,6 +639,13 @@ impl<'cfg> RegistrySource<'cfg> {
+ prefix
+ )
+ }
++ // Prevent unpacking the lockfile from the crate itself.
++ if entry_path
++ .file_name()
++ .map_or(false, |p| p == PACKAGE_SOURCE_LOCK)
++ {
++ continue;
++ }
+ // Unpacking failed
+ let mut result = entry.unpack_in(parent).map_err(anyhow::Error::from);
+ if cfg!(windows) && restricted_names::is_windows_reserved_path(&entry_path) {
+@@ -654,16 +661,14 @@ impl<'cfg> RegistrySource<'cfg> {
+ .with_context(|| format!("failed to unpack entry at `{}`", entry_path.display()))?;
+ }
+
+- // The lock file is created after unpacking so we overwrite a lock file
+- // which may have been extracted from the package.
++ // Now that we've finished unpacking, create and write to the lock file to indicate that
++ // unpacking was successful.
+ let mut ok = OpenOptions::new()
+- .create(true)
++ .create_new(true)
+ .read(true)
+ .write(true)
+ .open(&path)
+ .with_context(|| format!("failed to open `{}`", path.display()))?;
+-
+- // Write to the lock file to indicate that unpacking was successful.
+ write!(ok, "ok")?;
+
+ Ok(unpack_dir.to_path_buf())
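Review bot: The skip guard `if entry_path.file_name().map_or(false, |p| p == PACKAGE_SOURCE_LOCK)` compares only the last path component, so an archive entry named `.cargo-ok` at any depth is silently dropped, not just a top-level one; the comment above it should say so, e.g. `// Skip any archive entry named .cargo-ok, at any depth: the lock file is written by cargo after unpacking and must never come from the crate.` The switch from `create(true)` to `create_new(true)` means the open now fails with AlreadyExists when a lock file is already present in the unpack directory, so two processes unpacking the same crate concurrently would see the loser error out rather than rewrite the file; presumably the enclosing method returns early when the lock already exists, but that check is outside the hunk and is worth confirming. The enclosing method of `impl<'cfg> RegistrySource<'cfg>` starts and ends outside the hunk. As a nit, the packager line `gyakovlev: 'sed -i 's|/src/cargo|/src/tools/cargo/src/cargo|g'` in the patch preamble has an unbalanced opening quote.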