Module Name:    src
Committed By:   snj
Date:           Sun Apr  8 06:04:09 UTC 2018

Modified Files:
        src/bin/ed [netbsd-8]: ed.1 main.c
        src/usr.bin/patch [netbsd-8]: pch.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #699):
        bin/ed/ed.1: 1.32-1.33
        bin/ed/main.c: 1.29
        usr.bin/patch/pch.c: 1.29
Pass -S to ed(1) so that patches containing ! commands don't run commands.
Real cause of CVE-2018-0492:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667
--
add -S to disable ! commands.
--
Fix date.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.30.40.1 src/bin/ed/ed.1
cvs rdiff -u -r1.28 -r1.28.8.1 src/bin/ed/main.c
cvs rdiff -u -r1.28 -r1.28.8.1 src/usr.bin/patch/pch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/bin/ed/ed.1
diff -u src/bin/ed/ed.1:1.30 src/bin/ed/ed.1:1.30.40.1
--- src/bin/ed/ed.1:1.30	Fri May 14 02:09:58 2010
+++ src/bin/ed/ed.1	Sun Apr  8 06:04:08 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: ed.1,v 1.30 2010/05/14 02:09:58 joerg Exp $
+.\"	$NetBSD: ed.1,v 1.30.40.1 2018/04/08 06:04:08 snj Exp $
 .\"	$OpenBSD: ed.1,v 1.42 2003/07/27 13:25:43 jmc Exp $
 .\"
 .\" Copyright (c) 1993 Andrew Moore, Talke Studio.
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd January 23, 2002
+.Dd April 5, 2018
 .Dt ED 1
 .Os
 .Sh NAME
@@ -34,7 +34,7 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl
-.Op Fl Esx
+.Op Fl ESsx
 .Op Fl p Ar string
 .Op Ar file
 .Sh DESCRIPTION
@@ -130,6 +130,12 @@ option (deprecated).
 .It Fl E
 Enables the use of extended regular expressions instead of the basic
 regular expressions that are normally used.
+.It Fl S
+Disables using of the
+.Dq !
+command (execuring a subshell).
+Intended to be used by batch jobs like
+.Xr patch 1 .
 .It Fl p Ar string
 Specifies a command prompt.
 This may be toggled on and off with the
@@ -955,6 +961,7 @@ but any changes to the buffer are lost.
 .Xr sed 1 ,
 .Xr sh 1 ,
 .Xr vi 1 ,
+.Xr patch 1 ,
 .Xr regex 3
 .Pp
 USD:09-10

Index: src/bin/ed/main.c
diff -u src/bin/ed/main.c:1.28 src/bin/ed/main.c:1.28.8.1
--- src/bin/ed/main.c:1.28	Wed Mar  2 19:11:28 2016
+++ src/bin/ed/main.c	Sun Apr  8 06:04:08 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.28 2016/03/02 19:11:28 christos Exp $	*/
+/*	$NetBSD: main.c,v 1.28.8.1 2018/04/08 06:04:08 snj Exp $	*/
 
 /* main.c: This file contains the main control and user-interface routines
    for the ed line editor. */
@@ -39,7 +39,7 @@ __COPYRIGHT(
 #if 0
 static char *rcsid = "@(#)main.c,v 1.1 1994/02/01 00:34:42 alm Exp";
 #else
-__RCSID("$NetBSD: main.c,v 1.28 2016/03/02 19:11:28 christos Exp $");
+__RCSID("$NetBSD: main.c,v 1.28.8.1 2018/04/08 06:04:08 snj Exp $");
 #endif
 #endif /* not lint */
 
@@ -94,6 +94,7 @@ int mutex = 0;			/* if set, signals set 
 int red = 0;			/* if set, restrict shell/directory access */
 int ere = 0;			/* if set, use extended regexes */
 int scripted = 0;		/* if set, suppress diagnostics */
+int secure = 0;			/* is set, ! is not allowed */
 int sigflags = 0;		/* if set, signals received while mutex set */
 int sigactive = 0;		/* if set, signal handlers are enabled */
 
@@ -105,7 +106,7 @@ const char *prompt;			/* command-line pr
 const char *dps = "*";		/* default command-line prompt */
 
 
-static const char usage[] = "Usage: %s [-] [-sxE] [-p string] [name]\n";
+static const char usage[] = "Usage: %s [-] [-ESsx] [-p string] [name]\n";
 
 /* ed: line editor */
 int
@@ -118,7 +119,7 @@ main(int ac, char *av[])
 
 	red = (n = strlen(argv[0])) > 2 && argv[0][n - 3] == 'r';
 top:
-	while ((c = getopt(argc, argv, "p:sxE")) != -1)
+	while ((c = getopt(argc, argv, "p:sxES")) != -1)
 		switch(c) {
 		case 'p':				/* set prompt */
 			prompt = optarg;
@@ -137,6 +138,9 @@ top:
 		case 'E':
 			ere = REG_EXTENDED;
 			break;
+		case 'S':				/* ! is not allowed */
+			secure = 1;
+			break;
 		default:
 			fprintf(stderr, usage, getprogname());
 			exit(1);
@@ -861,6 +865,10 @@ exec_command(void)
 		printf("%ld\n", addr_cnt ? second_addr : addr_last);
 		break;
 	case '!':
+		if (secure) {
+			seterrmsg("'!' not allowed");
+			return ERR;
+		}
 		if (addr_cnt > 0) {
 			seterrmsg("unexpected address");
 			return ERR;
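Review bot: The `secure` test added under `case '!':` covers only the standalone command, and nothing in this hunk shows the other shell entry point honouring `-S`: ed also accepts a `!`-prefixed argument in place of a file name on its file commands. If the shell-command parsing is shared (the existing `red` restriction is presumably enforced there), repeating `if (secure) { seterrmsg("'!' not allowed"); return ERR; }` at that point would cover every path at once. Confirm this against the rest of main.c, since exec_command continues outside the hunk. The declaration comment on `secure` in the earlier hunk reads `is set, ! is not allowed`; it should say `if set` like its neighbours and state which entry points the flag disables.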

Index: src/usr.bin/patch/pch.c
diff -u src/usr.bin/patch/pch.c:1.28 src/usr.bin/patch/pch.c:1.28.8.1
--- src/usr.bin/patch/pch.c:1.28	Thu Jul 30 21:47:51 2015
+++ src/usr.bin/patch/pch.c	Sun Apr  8 06:04:09 2018
@@ -1,7 +1,7 @@
 /*
  * $OpenBSD: pch.c,v 1.37 2007/09/02 15:19:33 deraadt Exp $
  * $DragonFly: src/usr.bin/patch/pch.c,v 1.6 2008/08/10 23:35:40 joerg Exp $
- * $NetBSD: pch.c,v 1.28 2015/07/30 21:47:51 christos Exp $
+ * $NetBSD: pch.c,v 1.28.8.1 2018/04/08 06:04:09 snj Exp $
  */
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: pch.c,v 1.28 2015/07/30 21:47:51 christos Exp $");
+__RCSID("$NetBSD: pch.c,v 1.28.8.1 2018/04/08 06:04:09 snj Exp $");
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -1414,8 +1414,8 @@ do_ed_script(void)
 			unlink(TMPOUTNAME);
 			fatal("can't create temp file %s", TMPOUTNAME);
 		}
-		snprintf(buf, buf_len, "%s%s%s", _PATH_ED,
-		    verbose ? " " : " -s ", TMPOUTNAME);
+		snprintf(buf, buf_len, "%s -S%s %s", _PATH_ED,
+		    verbose ? "" : "s", TMPOUTNAME);
 		pipefp = popen(buf, "w");
 	}
 	for (;;) {
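Review bot: The ed invocation is still built as one shell string and handed to `popen()`, with `TMPOUTNAME` interpolated unquoted and the `snprintf()` result ignored, so a truncated or shell-significant temp path would change what the shell runs. At minimum check the length, e.g. `n = snprintf(buf, buf_len, ...); if (n < 0 || (size_t)n >= buf_len) fatal("ed command line too long");` (assuming a suitable int is in scope). Spawning ed with an explicit argv rather than through the shell would remove the parsing step altogether. The fix also relies on the ed at `_PATH_ED` accepting `-S`, which deserves a comment above the call such as `/* -S: ed must refuse '!' commands found in the script */`. do_ed_script starts and ends outside this hunk, and how TMPOUTNAME is derived is not visible here.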
