tuxillo's projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 32e0bed) | patch
patch - Fix shell injection vulnerability
authorMatthew Dillon <dillon@apollo.backplane.com>
Sat, 15 Aug 2015 03:29:32 +0000 (20:29 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Sat, 15 Aug 2015 03:29:32 +0000 (20:29 -0700)
commite4bdac6bd0bece3ae6b3233ad260e8e82d21ba76
treee6113137fdd706b7e644aeee1bd52f0ef179e61ftree | snapshot
parent32e0bed6ef099359df4539075c50aec6939d992acommit | diff
patch - Fix shell injection vulnerability

* Fix shell injection vulnerability in patch(1) via ed(1) by
  tightening sanity check of the input. [1]

* While I'm there also replace ed(1) with red(1) because we do
  not need the unrestricted functionality.

Obtained from: Bitrig [1], and discussions w/ FreeBSD
Security: CVE-2015-1418 [1]
usr.bin/patch/pathnames.h diff | blob | blame | history
usr.bin/patch/pch.c diff | blob | blame | history
WIP repository