(please keep myself on CC because I am not subscribed to the list)
Hello,
I am testing with patch-2.7.5-1.fc21.src.rpm which seems to be
close to branch master's tip and also with git master's tip:
The issue is that I can't apply a patch on a file that in out of
my workdir. It's a regular file, not a symlink.
This is the directory structure:
[fleitner@x240 a]$ find
.
./fix.patch
./file_with_bug
./b
Checking the types:
[fleitner@x240 a]$ ls -la
total 8
drwxrwxr-x. 3 fleitner fleitner 100 Apr 7 20:22 .
drwxrwxrwt. 18 root root 520 Apr 7 20:22 ..
drwxrwxr-x. 2 fleitner fleitner 40 Apr 7 20:21 b
-rw-rw-r--. 1 fleitner fleitner 2280 Apr 7 18:25 file_with_bug
-rw-rw-r--. 1 fleitner fleitner 2113 Apr 7 18:25 fix.patch
Get into 'b' as workdir and apply the patch:
[fleitner@x240 a]$ cd b
[fleitner@x240 b]$ patch -p0 ../file_with_bug ../fix.patch
Invalid file name ../file_with_bug -- skipping patch
[fleitner@x240 b]$
I suspect that the following commit might have introduced the issue:
commit ef609c26b22e5d6ea3c891e4c87ab1c679146f5f
Author: Andreas Gruenbacher <agr...@gnu.org>
Date: Sat Feb 21 20:13:04 2015 +0100
Follow directory symlinks within the working directory
* src/safe.c (struct symlink): A symlink to resolve.
(push_symlink, pop_symlink): New functions.
(read_symlink): Create a new symlink stack entry.
(traverse_next): Follow ".." components within the working
directory. When hitting symlinks, "follow" them by reading and
returning them. (traverse_another_path): Recursively traverse
symlinks.
The error comes from:
+traverse_next()
[...]
+ if (**path == '.' && *(*path + 1) == '.' && *path + 2 == p)
+ {
+ entry = dir->parent;
+ if (! entry)
+ {
+ /* Must not leave the working tree. */
>+ errno = EXDEV; <------------ HERE
+ goto out;
+ }
+ assert (dir->next == dir);
+ lru_list_add (dir, &lru_list);
+ goto skip;
+ }
The first attempt is with the above commit applied and the second one is
with the commit reverted.
[fleitner@x240 b]$ /home/fleitner/repo/patch/src/patch -p0 ../file_with_bug
../fix.patch
/home/fleitner/repo/patch/src/patch: **** Can't create temporary
file ../file_with_bug.osPpkQc : Invalid cross-device link
[fleitner@x240 b]$ /home/fleitner/repo/patch/src/patch -p0 ../file_with_bug
../fix.patch
patching file ../file_with_bug
Hunk #1 FAILED at 4669.
1 out of 1 hunk FAILED -- saving rejects to file ../file_with_bug.rej
[...]
I haven't looked at the CVE but I presume it should forbid symlinks
outside of workdir, but what about regular files like above?
Thanks
fbl
