2.23.2-6: CVE-2014-9114
parent
518942f76e
commit
fa2d6a7fff
149
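--- /dev/null
+++ b/2.26-libblkid-escape.patch
@@ -0,0 +1,149 @@
+diff -up util-linux-2.23.2/libblkid/src/read.c.kzak util-linux-2.23.2/libblkid/src/read.c
+--- util-linux-2.23.2/libblkid/src/read.c.kzak 2013-06-13 09:46:10.421650630 +0200
++++ util-linux-2.23.2/libblkid/src/read.c 2014-11-27 15:02:18.559969208 +0100
+@@ -252,15 +252,30 @@ static int parse_token(char **name, char
+*value = skip_over_blank(*value + 1);
+
+if (**value == '"') {
+- end = strchr(*value + 1, '"');
+- if (!end) {
++ char *p = end = *value + 1;
++
++ /* convert 'foo\"bar' to 'foo"bar' */
++ while (*p) {
++ if (*p == '\\') {
++ p++;
++ *end = *p;
++ } else {
++ *end = *p;
++ if (*p == '"')
++ break;
++ }
++ p++;
++ end++;
++ }
++
++ if (*end != '"') {
+DBG(READ, blkid_debug("unbalanced quotes at: %s", *value));
+*cp = *value;
+return -BLKID_ERR_CACHE;
+}
+(*value)++;
+*end = '\0';
+- end++;
++ end = ++p;
+} else {
+end = skip_over_word(*value);
+if (*end) {
+diff -up util-linux-2.23.2/libblkid/src/save.c.kzak util-linux-2.23.2/libblkid/src/save.c
+--- util-linux-2.23.2/libblkid/src/save.c.kzak 2013-07-30 10:39:26.209738269 +0200
++++ util-linux-2.23.2/libblkid/src/save.c 2014-11-27 15:02:18.559969208 +0100
+@@ -23,6 +23,21 @@
+#endif
+#include "blkidP.h"
+
++
++static void save_quoted(const char *data, FILE *file)
++{
++ const char *p;
++
++ fputc('"', file);
++ for (p = data; p && *p; p++) {
++ if ((unsigned char) *p == 0x22 || /* " */
++ (unsigned char) *p == 0x5c) /* \ */
++ fputc('\\', file);
++
++ fputc(*p, file);
++ }
++ fputc('"', file);
++}
+static int save_dev(blkid_dev dev, FILE *file)
+{
+struct list_head *p;
+@@ -40,9 +55,14 @@ static int save_dev(blkid_dev dev, FILE
+
+if (dev->bid_pri)
+fprintf(file, " PRI=\"%d\"", dev->bid_pri);
++
+list_for_each(p, &dev->bid_tags) {
+blkid_tag tag = list_entry(p, struct blkid_struct_tag, bit_tags);
+- fprintf(file, " %s=\"%s\"", tag->bit_name,tag->bit_val);
++
++ fputc(' ', file); /* space between tags */
++ fputs(tag->bit_name, file); /* tag NAME */
++ fputc('=', file); /* separator between NAME and VALUE */
++ save_quoted(tag->bit_val, file); /* tag "VALUE" */
+}
+fprintf(file, ">%s</device>\n", dev->bid_name);
+
+diff -up util-linux-2.23.2/lib/tt.c.kzak util-linux-2.23.2/lib/tt.c
+--- util-linux-2.23.2/lib/tt.c.kzak 2013-07-15 10:25:46.280049032 +0200
++++ util-linux-2.23.2/lib/tt.c 2014-11-27 15:02:18.560969219 +0100
+@@ -672,6 +672,8 @@ void tt_fputs_quoted(const char *data, F
+for (p = data; p && *p; p++) {
+if ((unsigned char) *p == 0x22 || /* " */
+(unsigned char) *p == 0x5c || /* \ */
++ (unsigned char) *p == 0x60 || /* ` */
++ (unsigned char) *p == 0x24 || /* $ */
+!isprint((unsigned char) *p) ||
+iscntrl((unsigned char) *p)) {
+
+diff -up util-linux-2.23.2/misc-utils/blkid.8.kzak util-linux-2.23.2/misc-utils/blkid.8
+--- util-linux-2.23.2/misc-utils/blkid.8.kzak 2013-06-13 09:46:10.446650844 +0200
++++ util-linux-2.23.2/misc-utils/blkid.8 2014-11-27 15:02:18.560969219 +0100
+@@ -193,7 +193,10 @@ partitions. This output format is \fBDE
+.TP
+.B export
+print key=value pairs for easy import into the environment; this output format
+-is automatically enabled when I/O Limits (\fB-i\fR option) are requested
++is automatically enabled when I/O Limits (\fB-i\fR option) are requested.
++
++The non-printing characters are encoded by ^ and M- notation and all
++potentially unsafe characters are escaped.
+.RE
+.TP
+.BI \-O " offset"
+diff -up util-linux-2.23.2/misc-utils/blkid.c.kzak util-linux-2.23.2/misc-utils/blkid.c
+--- util-linux-2.23.2/misc-utils/blkid.c.kzak 2014-11-27 15:02:18.560969219 +0100
++++ util-linux-2.23.2/misc-utils/blkid.c 2014-11-27 15:05:34.770244516 +0100
+@@ -106,8 +106,10 @@ static void usage(int error)
+/*
+* This function does "safe" printing. It will convert non-printable
+* ASCII characters using '^' and M- notation.
++ *
++ * If 'esc' is defined then escape all chars from esc by \.
+*/
+-static void safe_print(const char *cp, int len)
++static void safe_print(const char *cp, int len, const char *esc)
+{
+unsigned char ch;
+
+@@ -124,7 +126,9 @@ static void safe_print(const char *cp, i
+if ((ch < 32) || (ch == 0x7f)) {
+fputc('^', stdout);
+ch ^= 0x40; /* ^@, ^A, ^B; ^? for DEL */
+- }
++
++ } else if (esc && strchr(esc, ch))
++ fputc('\\', stdout);
+}
+fputc(ch, stdout);
+}
+@@ -301,7 +305,7 @@ static void print_value(int output, int
+printf("DEVNAME=%s\n", devname);
+fputs(name, stdout);
+fputs("=", stdout);
+- safe_print(value, valsz);
++ safe_print(value, valsz, " \\\"'$`<>");
+fputs("\n", stdout);
+
+} else {
+@@ -309,7 +313,7 @@ static void print_value(int output, int
+printf("%s: ", devname);
+fputs(name, stdout);
+fputs("=\"", stdout);
+- safe_print(value, valsz);
++ safe_print(value, valsz, "\"\\");
+fputs("\" ", stdout);
+}
+}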
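Review bot: The unquoting loop added to parse_token in the read.c hunk walks past the string terminator when a quoted value ends in a lone backslash: the `if (*p == '\\')` branch does `p++` and copies `*p` without checking for NUL, then the shared `p++` steps beyond the terminator and the next `while (*p)` iteration reads out of bounds. The post-loop test `if (*end != '"')` is also not a reliable termination check, because `end` trails `p` once an escape has been consumed and may sit on an earlier, already-unescaped `"` (for example a value ending in `\"` with no closing quote), so a truncated cache entry is accepted and `end = ++p` then points past the buffer. I would add `if (!*p) break;` directly after the `p++` in the escape branch and test the scan position instead, `if (*p != '"') {`, since the loop only breaks on a closing quote and otherwise exits on NUL. parse_token starts and ends outside the hunk, so the surrounding handling of `end` after this point should be re-read with that change in mind.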
@ -2,7 +2,7 @@
|
||||
Summary: A collection of basic system utilities
|
||||
Name: util-linux
|
||||
Version: 2.23.2
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
|
||||
Group: System Environment/Base
|
||||
URL: http://en.wikipedia.org/wiki/Util-linux
|
||||
@ -93,6 +93,8 @@ Patch6: 2.24-su-fix-lastlog-and-btmp-logging.patch
|
||||
Patch7: 2.24-sfdisk-fix-y-n-mismatch.patch
|
||||
# v2.24 backport: #1024424 - Fix bash completion for more
|
||||
Patch8: 2.24-bash-completion-IFS.patch
|
||||
# 1168490 - CVE-2014-9114 util-linux: command injection flaw in blkid
|
||||
Patch9: 2.26-libblkid-escape.patch
|
||||
|
||||
%description
|
||||
The util-linux package contains a large variety of low-level system
|
||||
@ -809,6 +811,9 @@ fi
|
||||
%{_libdir}/pkgconfig/uuid.pc
|
||||
|
||||
%changelog
|
||||
* Thu Nov 27 2014 Karel Zak <kzak@redhat.com> 2.23.2-6
|
||||
- fix #1168490 - CVE-2014-9114 util-linux: command injection flaw in blkid
|
||||
|
||||
* Mon Jan 13 2014 Karel Zak <kzak@redhat.com> 2.23.2-5
|
||||
- fix #1009345 - Joking sfdisk rewriting PT after "n"
|
||||
- fix #1024424 - Fix bash completion for more
|
||||
|