38d8d86d31
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.

Add upstream patch fixing CVE-2018-6951: There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

This bump does NOT fix CVE-2018-6952. See upstream bug #53133 (https://savannah.gnu.org/bugs/index.php?53133).

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
34 lines
1.1 KiB
Diff
From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon, 12 Feb 2018 16:48:24 +0100
Subject: [PATCH] Fix segfault with mangled rename patch
http://savannah.gnu.org/bugs/?53132
* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Patch status: upstream commit f290f48a6218
src/pch.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/pch.c b/src/pch.c
index ff9ed2cebb8a..bc6278c4032c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
if ((pch_rename () || pch_copy ())
&& ! inname
&& ! ((i == OLD || i == NEW) &&
- p_name[! reverse] &&
+ p_name[reverse] && p_name[! reverse] &&
+ name_is_valid (p_name[reverse]) &&
name_is_valid (p_name[! reverse])))
{
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
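Review bot: No regression test accompanies the tightened rename/copy check in intuit_diff_type: the diffstat lists src/pch.c as the only file changed, so nothing guards against the condition being loosened again. Consider adding a test case that feeds a rename or copy header with one of the two file names missing and expects the "Cannot rename file without two valid file names" message instead of a segfault. Separately, the negated condition now has five conjuncts; a short comment above it stating that both p_name[reverse] and p_name[! reverse] must be non-NULL and pass name_is_valid would make the intent easier to verify, and each NULL check should stay ahead of the matching name_is_valid call, as it is written here.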
--
2.16.1