diff options
Diffstat (limited to 'meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch')
-rw-r--r-- | meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch deleted file mode 100644 index 285667b869..0000000000 --- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch +++ /dev/null @@ -1,35 +0,0 @@ -From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001 -From: Yi Zhao <yi.zhao@windriver.com> -Date: Mon, 15 Apr 2019 06:05:58 +0000 -Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283 - -Description: Fix CVE-2018-20685 and CVE-2019-6111 -Bug-Debian: https://bugs.debian.org/920486 -Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114 - -Upstream-Status: Backport [Debian] -[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch] - -CVE: CVE-2019-7282 CVE-2019-7283 - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - rcp/rcp.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/rcp/rcp.c b/rcp/rcp.c -index ca61c18..77d8ff8 100644 ---- a/rcp/rcp.c -+++ b/rcp/rcp.c -@@ -740,6 +740,11 @@ sink(int argc, char *argv[]) - size = size * 10 + (*cp++ - '0'); - if (*cp++ != ' ') - SCREWUP("size not delimited"); -+ if (*cp == '\0' || strchr(cp, '/') != NULL || -+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { -+ error("error: unexpected filename: %s", cp); -+ exit(1); -+ } - if (targisdir) { - static char *namebuf; - static int cursize; |