Diffstat (limited to 'dev-vcs/cvs/files/cvs-1.12.12-CVE-2017-12836-commandinjection.patch')
-rw-r--r-- | dev-vcs/cvs/files/cvs-1.12.12-CVE-2017-12836-commandinjection.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/dev-vcs/cvs/files/cvs-1.12.12-CVE-2017-12836-commandinjection.patch b/dev-vcs/cvs/files/cvs-1.12.12-CVE-2017-12836-commandinjection.patch
new file mode 100644
index 000000000000..87b1fdc9584c
--- /dev/null
+++ b/dev-vcs/cvs/files/cvs-1.12.12-CVE-2017-12836-commandinjection.patch
@@ -0,0 +1,22 @@
+diff -Naurp a/src/rsh-client.c b/src/rsh-client.c
+--- a/src/rsh-client.c 2005-03-15 18:45:10.000000000 +0100
++++ b/src/rsh-client.c 2017-08-26 17:43:23.228060155 +0200
+@@ -97,6 +97,9 @@ start_rsh_server (cvsroot_t *root, struc
+ rsh_argv[i++] = root->username;
+ }
+
++ /* Only non-option arguments from here. (CVE-2017-12836) */
++ rsh_argv[i++] = "--";
++
+ rsh_argv[i++] = root->hostname;
+ rsh_argv[i++] = cvs_server;
+ rsh_argv[i++] = "server";
+@@ -171,6 +174,8 @@ start_rsh_server (cvsroot_t *root, struc
+ *p++ = root->username;
+ }
+
++ *p++ = "--";
++
+ *p++ = root->hostname;
+ *p++ = command;
+ *p++ = NULL;
|
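Review bot: Both insertions of `"--"` in start_rsh_server only keep `root->hostname` from being parsed as an option if the configured remote-shell program honours `--` as an end-of-options marker, and nothing in the visible lines checks the hostname itself. A guard placed before the argument vector is built, for example `if (root->hostname[0] == '-')` followed by a fatal error, would make the fix independent of whichever remote-shell implementation is in use. The second hunk's `*p++ = "--";` should carry the same comment as the first, `/* Only non-option arguments from here. (CVE-2017-12836) */`, so the two code paths stay recognisably paired. Both argument arrays are declared outside the hunks, so it is worth confirming that each has room for the extra element.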