On Sat, Jan 26, 2019 at 02:20:06PM +0900, Hiroyuki YAMAMORI wrote:
> Package: rsh-client
> Version: 0.17-19
> Severity: important
> Tags: security
> 
> Refer Bug #919101
> 
> Dear Maintainer,
> 
> netkit-rcp also has CVE-2018-20685 and CVE-2019-6111 similar to scp.

Hi!

Thanks for noticing.

Attaching the patch so that others can check it.

Regards,

Alberto


-- 
Alberto Gonzalez Iniesta    | Training, consulting and technical support
mailto/sip: a...@inittab.org | on GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55
Index: netkit-rsh/rcp/rcp.c
===================================================================
--- netkit-rsh.orig/rcp/rcp.c	2019-01-28 16:30:24.396240311 +0100
+++ netkit-rsh/rcp/rcp.c	2019-01-28 16:37:53.927805155 +0100
@@ -747,6 +747,11 @@
 			size = size * 10 + (*cp++ - '0');
 		if (*cp++ != ' ')
 			SCREWUP("size not delimited");
+		if (*cp == '\0' || strchr(cp, '/') != NULL ||
+		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+			error("error: unexpected filename: %s", cp);
+			exit(1);
+		}
 		if (targisdir) {
 			char *newbuf;
 			int need = strlen(targ) + strlen(cp) + 2;
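
Review bot: The added test after SCREWUP("size not delimited") only validates the shape of cp (empty, contains '/', "." or ".."); nothing in this hunk compares the received name against the file names the client actually requested, so of the two CVEs named in the report this looks like it addresses only the CVE-2018-20685 side. A name that passes this test but was never asked for is still accepted, so the CVE-2019-6111 side needs a separate check that matches each received name against the requested ones. Two smaller points: cp comes from the remote end and is echoed unmodified through error("error: unexpected filename: %s", cp), so consider escaping non-printable bytes before printing it; and the neighbouring checks bail out through SCREWUP(...), so a one-line comment saying why this one uses error() plus exit(1) would help the next reader.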
