1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
From 5046e5605cf7420d9a11de49bd9fe4851a4ca1d2 Mon Sep 17 00:00:00 2001
From: Saleem Rashid <dev@saleemrashid.com>
Date: Thu, 5 Apr 2018 22:48:25 +0100
Subject: [PATCH] Refuse to apply ed scripts by default
* src/patch.c, src/pch.c: Warn that ed scripts are potentially
dangerous, unless patch is invoked with --force
This fixes an issue where ed scripts could be included in a patch, executing
arbitrary shell commands without the user's knowledge.
Original bug report:
https://savannah.gnu.org/bugs/index.php?53566
---
src/patch.c | 13 +++++++++++--
src/pch.c | 11 +++++++++++
6 files changed, 62 insertions(+), 5 deletions(-)
diff --git a/src/patch.c b/src/patch.c
index 0fe6d72..e14a9c4 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -781,7 +781,7 @@ static char const *const option_help[] =
" -l --ignore-whitespace Ignore white space changes between patch and input.",
"",
" -c --context Interpret the patch as a context difference.",
-" -e --ed Interpret the patch as an ed script.",
+" -e --ed Interpret the patch as a potentially dangerous ed script. This could allow arbitrary command execution!",
" -n --normal Interpret the patch as a normal difference.",
" -u --unified Interpret the patch as a unified difference.",
"",
@@ -825,7 +825,7 @@ static char const *const option_help[] =
"Miscellaneous options:",
"",
" -t --batch Ask no questions; skip bad-Prereq patches; assume reversed.",
-" -f --force Like -t, but ignore bad-Prereq patches, and assume unreversed.",
+" -f --force Like -t, but ignore bad-Prereq patches, apply potentially dangerous ed scripts, and assume unreversed.",
" -s --quiet --silent Work silently unless an error occurs.",
" --verbose Output extra information about the work being done.",
" --dry-run Do not actually change any files; just print what would happen.",
@@ -1068,6 +1068,15 @@ get_some_switches (void)
}
}
+ if (! force && diff_type == ED_DIFF)
+ {
+ ask ("Apply potentially dangerous ed script? This could allow arbitrary command execution! [n] ");
+ if (*buf != 'y')
+ {
+ fatal ("Refusing to apply potentially dangerous ed script.");
+ }
+ }
+
/* Process any filename args. */
if (optind < Argc)
{
diff --git a/src/pch.c b/src/pch.c
index bc6278c..ab34dd4 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1001,6 +1001,17 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
instat = st[i];
}
+ if (! force && retval == ED_DIFF)
+ {
+ ask ("Apply potentially dangerous ed script? This could allow arbitrary command execution! [n] ");
+ if (*buf != 'y')
+ {
+ if (verbosity != SILENT)
+ say ("Skipping potentially dangerous ed script.\n");
+ skip_rest_of_patch = true;
+ }
+ }
+
return retval;
}
|
