24 lines
599 B
Diff
24 lines
599 B
Diff
Fix for CVE-2017-12836, extracted from MirBSD repository.
|
|
|
|
--- a/src/rsh-client.c 2017/03/26 15:54:10 1.6
|
|
+++ b/src/rsh-client.c 2017/08/11 20:41:40 1.7
|
|
@@ -107,6 +108,9 @@ start_rsh_server (cvsroot_t *root, struc
|
|
rsh_argv[i++] = argvport;
|
|
}
|
|
|
|
+ /* Only non-option arguments from here. (CVE-2017-12836) */
|
|
+ rsh_argv[i++] = "--";
|
|
+
|
|
rsh_argv[i++] = root->hostname;
|
|
rsh_argv[i++] = cvs_server;
|
|
if (readonlyfs)
|
|
@@ -190,6 +194,8 @@ start_rsh_server (cvsroot_t *root, struc
|
|
*p++ = "-p";
|
|
*p++ = argvport;
|
|
}
|
|
+
|
|
+ *p++ = "--";
|
|
|
|
*p++ = root->hostname;
|
|
*p++ = command;
|