Update of /cvsroot/lxr/lxr/lib/LXR/Files
In directory sc8-pr-cvs1:/tmp/cvs-serv9370
Modified Files:
CVS.pm
Log Message:
Apply patch 594351 - fix potential security flaws in CVS file opening.
Index: CVS.pm
===================================================================
RCS file: /cvsroot/lxr/lxr/lib/LXR/Files/CVS.pm,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- CVS.pm 3 Feb 2002 08:22:08 -0000 1.17
+++ CVS.pm 2 May 2003 23:04:16 -0000 1.18
@@ -156,10 +156,10 @@
my $rev = $self->filerev($filename, $release);
return undef unless defined($rev);
- $fileh = new FileHandle("co -q -p$rev ".
- $self->toreal($filename, $release).
- " |"); # FIXME: Exploitable?
- die("Error execting \"co\", rcs not installed?") unless $fileh;
+ open($fileh, "-|", "co -q -p$rev ".
+ $self->cleanstring($self->toreal($filename, $release)));
+
+ die("Error executing \"co\"; rcs not installed?") unless $fileh;
return $fileh;
}
@@ -175,10 +175,10 @@
my $rev2 = $self->filerev($filename, $release2);
return undef unless defined($rev2);
- $fileh = new FileHandle("rcsdiff -q -a -n -r$rev1 -r$rev2 ".
- $self->toreal($filename, $release1).
- " |"); # FIXME: Exploitable?
- die("Error execting \"rcsdiff\", rcs not installed?") unless $fileh;
+ open($fileh, "-|", "rcsdiff -q -a -n -r$rev1 -r$rev2 ".
+ $self->cleanstring($self->toreal($filename, $release1)));
+
+ die("Error executing \"rcsdiff\"; rcs not installed?") unless $fileh;
return $fileh->getlines;
}
@@ -273,6 +273,25 @@
return undef;
}
+
+
+sub cleanstring {
+ my ($self, $in) = @_;
+
+ my $out = '';
+
+ for (split('',$in)) {
+ s/[|&!`;$%<>[:cntrl:]]// || # drop these in particular
+ /[\w\/,.-_+=]/ || # keep these intact
+ s/([ '"\x20-\x7E])/\\$1/ || # escape these out
+ s/.//; # drop everything else
+
+ $out .= $_;
+ }
+
+ return $out;
+}
+
sub isdir {
my ($self, $pathname, $release) = @_;
|
