git: patch - Fix shell injection vulnerability

Matthew Dillon dillon at crater.dragonflybsd.org
Fri Aug 14 20:30:58 PDT 2015


commit e4bdac6bd0bece3ae6b3233ad260e8e82d21ba76
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Fri Aug 14 20:29:32 2015 -0700

    patch - Fix shell injection vulnerability
    
    * Fix shell injection vulnerability in patch(1) via ed(1) by
      tightening sanity check of the input. [1]
    
    * While I'm there also replace ed(1) with red(1) because we do
      not need the unrestricted functionality.
    
    Obtained from: Bitrig [1], and discussions w/ FreeBSD
    Security: CVE-2015-1418 [1]

Summary of changes:
 usr.bin/patch/pathnames.h |  2 +-
 usr.bin/patch/pch.c       | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/e4bdac6bd0bece3ae6b3233ad260e8e82d21ba76


-- 
DragonFly BSD source repository


More information about the Commits mailing list