CVS commit: [netbsd-8] src/external/gpl2/xcvs/dist/src

Sun, 11 Feb 2018 16:20:53 -0800 

Module Name:    src
Committed By:   snj
Date:           Mon Feb 12 00:20:01 UTC 2018

Modified Files:
        src/external/gpl2/xcvs/dist/src [netbsd-8]: rsh-client.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #543):
        external/gpl2/xcvs/dist/src/rsh-client.c: 1.3
Fix for CVE-2017-12836; (cvs command injection) from MirBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.8.1 src/external/gpl2/xcvs/dist/src/rsh-client.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/external/gpl2/xcvs/dist/src/rsh-client.c
diff -u src/external/gpl2/xcvs/dist/src/rsh-client.c:1.2 src/external/gpl2/xcvs/dist/src/rsh-client.c:1.2.8.1
--- src/external/gpl2/xcvs/dist/src/rsh-client.c:1.2	Tue May 17 14:00:09 2016
+++ src/external/gpl2/xcvs/dist/src/rsh-client.c	Mon Feb 12 00:20:01 2018
@@ -10,7 +10,7 @@
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: rsh-client.c,v 1.2 2016/05/17 14:00:09 christos Exp $");
+__RCSID("$NetBSD: rsh-client.c,v 1.2.8.1 2018/02/12 00:20:01 snj Exp $");
 
 #include <config.h>
 
@@ -55,11 +55,11 @@ start_rsh_server (cvsroot_t *root, struc
     char *cvs_server = (root->cvs_server != NULL
 			? root->cvs_server : getenv ("CVS_SERVER"));
     int i = 0;
-    /* This needs to fit "rsh", "-b", "-l", "USER", "host",
+    /* This needs to fit "rsh", "-b", "-l", "USER", "--", "host",
        "cmd (w/ args)", and NULL.  We leave some room to grow. */
-    char *rsh_argv[10];
+    char *rsh_argv[16];
 
-    if (!cvs_rsh)
+    if (!cvs_rsh || !*cvs_rsh)
 	/* People sometimes suggest or assume that this should default
 	   to "remsh" on systems like HPUX in which that is the
 	   system-supplied name for the rsh program.  However, that
@@ -99,6 +99,9 @@ start_rsh_server (cvsroot_t *root, struc
 	rsh_argv[i++] = root->username;
     }
 
+    /* Only non-option arguments from here. (CVE-2017-12836) */
+    rsh_argv[i++] = "--";
+
     rsh_argv[i++] = root->hostname;
     rsh_argv[i++] = cvs_server;
     rsh_argv[i++] = "server";
@@ -159,7 +162,7 @@ start_rsh_server (cvsroot_t *root, struc
     command = Xasprintf ("%s server", cvs_server);
 
     {
-        char *argv[10];
+        char *argv[16];
 	char **p = argv;
 
 	*p++ = cvs_rsh;
@@ -173,6 +176,8 @@ start_rsh_server (cvsroot_t *root, struc
 	    *p++ = root->username;
 	}
 
+	*p++ = "--";
+
 	*p++ = root->hostname;
 	*p++ = command;
 	*p++ = NULL;

Reply via email to