[mc/f18] Sanitize of MC_EXT_SELECTED variable when viewing multiple files - CVE-2012-4463 (rhbz#862814) - htt
Jindrich Novy
jnovy at fedoraproject.org
Wed Nov 28 10:32:40 UTC 2012
commit 241c3afb078d341a6bf4ed15961566fe53133599
Author: Jindrich Novy <jnovy at redhat.com>
Date: Wed Nov 28 11:31:04 2012 +0100
Sanitize of MC_EXT_SELECTED variable when viewing multiple files
- CVE-2012-4463 (rhbz#862814)
- https://www.midnight-commander.org/ticket/2913
mc-ext.c_quote_mc_ext_env_vars.diff | 31 +++++++++++++++++++++++++++++++
mc.spec | 13 ++++++++++++-
2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/mc-ext.c_quote_mc_ext_env_vars.diff b/mc-ext.c_quote_mc_ext_env_vars.diff
new file mode 100644
index 0000000..531b30c
--- /dev/null
+++ b/mc-ext.c_quote_mc_ext_env_vars.diff
@@ -0,0 +1,31 @@
+--- ./src/filemanager/ext.c
++++ ./src/filemanager/ext.c
+@@ -155,12 +155,13 @@
+ {
+ const char symbol;
+ const char *name;
++ const char *delim;
+ } export_variables[] = {
+- {'p', "MC_EXT_BASENAME"},
+- {'d', "MC_EXT_CURRENTDIR"},
+- {'s', "MC_EXT_SELECTED"},
+- {'t', "MC_EXT_ONLYTAGGED"},
+- {'\0', NULL}
++ {'p', "MC_EXT_BASENAME", ""},
++ {'d', "MC_EXT_CURRENTDIR", ""},
++ {'s', "MC_EXT_SELECTED", "\""},
++ {'t', "MC_EXT_ONLYTAGGED", "\""},
++ {'\0', NULL, 0}
+ };
+ /* *INDENT-ON* */
+
+@@ -178,7 +179,8 @@
+ if (text != NULL)
+ {
+ g_string_append_printf (export_vars_string,
+- "%s=%s\nexport %s\n", export_variables[i].name, text,
++ "%s=%s%s%s\nexport %s\n", export_variables[i].name,
++ export_variables[i].delim, text, export_variables[i].delim,
+ export_variables[i].name);
+ g_free (text);
+ }
diff --git a/mc.spec b/mc.spec
index b4675e3..d7011ea 100644
--- a/mc.spec
+++ b/mc.spec
@@ -1,12 +1,13 @@
Summary: User-friendly text console file manager and visual shell
Name: mc
Version: 4.8.6
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
License: GPLv3+
Group: System Environment/Shells
Source0: http://www.midnight-commander.org/downloads/mc-%{version}.tar.xz
URL: http://www.midnight-commander.org/
+Patch0: mc-ext.c_quote_mc_ext_env_vars.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: glib2-devel e2fsprogs-devel slang-devel gpm-devel groff
BuildRequires: aspell-devel libssh2-devel >= 1.2.5
@@ -20,6 +21,7 @@ specific files.
%prep
%setup -q
+%patch0 -p1 -b .CVE-2012-4463
%build
export CFLAGS="-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $RPM_OPT_FLAGS -Wno-strict-aliasing"
@@ -75,12 +77,21 @@ rm -rf $RPM_BUILD_ROOT
%dir %{_libexecdir}/mc/ext.d
%changelog
+* Wed Nov 28 2012 Jindrich Novy <jnovy at redhat.com> 4.8.6-2
+- sanitize of MC_EXT_SELECTED variable when viewing
+ multiple files, CVE-2012-4463 (#862814)
+ https://www.midnight-commander.org/ticket/2913
+
* Thu Sep 20 2012 Jindrich Novy <jnovy at redhat.com> 4.8.6-1
- update to 4.8.6 (#857512)
* Tue Sep 11 2012 Jindrich Novy <jnovy at redhat.com> 4.8.5-1
- update to 4.8.5 (#815307)
+* Thu Aug 09 2012 Jindrich Novy <jnovy at redhat.com> 4.8.4-5
+- handle overlapping menus correctly (#844392)
+ (https://www.midnight-commander.org/ticket/2817)
+
* Tue Jul 31 2012 Jindrich Novy <jnovy at redhat.com> 4.8.4-4
- fix segfault if aspell dicts aren't present
- fix segfault in mcedit when pressing alt-minus
More information about the scm-commits
mailing list