Module Name: src
Committed By: christos
Date: Thu Apr 5 18:50:10 UTC 2018
Modified Files:
src/usr.bin/patch: pch.c
Log Message:
Pass -S to ed(1) so that patches containing ! commands don't run commands.
Real cause of CVS-2018-0492:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667)
To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/usr.bin/patch/pch.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/patch/pch.c
diff -u src/usr.bin/patch/pch.c:1.28 src/usr.bin/patch/pch.c:1.29
--- src/usr.bin/patch/pch.c:1.28 Thu Jul 30 17:47:51 2015
+++ src/usr.bin/patch/pch.c Thu Apr 5 14:50:10 2018
@@ -1,7 +1,7 @@
/*
* $OpenBSD: pch.c,v 1.37 2007/09/02 15:19:33 deraadt Exp $
* $DragonFly: src/usr.bin/patch/pch.c,v 1.6 2008/08/10 23:35:40 joerg Exp $
- * $NetBSD: pch.c,v 1.28 2015/07/30 21:47:51 christos Exp $
+ * $NetBSD: pch.c,v 1.29 2018/04/05 18:50:10 christos Exp $
*/
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: pch.c,v 1.28 2015/07/30 21:47:51 christos Exp $");
+__RCSID("$NetBSD: pch.c,v 1.29 2018/04/05 18:50:10 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
@@ -1414,8 +1414,8 @@ do_ed_script(void)
unlink(TMPOUTNAME);
fatal("can't create temp file %s", TMPOUTNAME);
}
- snprintf(buf, buf_len, "%s%s%s", _PATH_ED,
- verbose ? " " : " -s ", TMPOUTNAME);
+ snprintf(buf, buf_len, "%s -S%s %s", _PATH_ED,
+ verbose ? "" : "s", TMPOUTNAME);
pipefp = popen(buf, "w");
}
for (;;) {
