authorJacques Vidrine <nectar@FreeBSD.org>2004-04-15 15:59:54 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2004-04-15 15:59:54 +0000
commit4a3041fa055ee510f52d7216aa90a8e1f020d824 (patch)
treeb57617043bdf2831c91bc4284ca7ed63a51fab9d
parentbdc9df456b5149782731e3630aa369fa0b678723 (diff)
Merge from 4-STABLE client.c 1.2.2.7, modules.c 1.1.1.5.2.4:
Correct some path validation errors in CVS. Approved by: so
Notes
Notes: svn path=/releng/4.9/; revision=128284
-rw-r--r--UPDATING3
-rw-r--r--contrib/cvs/src/client.c13
-rw-r--r--contrib/cvs/src/modules.c8
-rw-r--r--sys/conf/newvers.sh2
4 files changed, 25 insertions, 1 deletions
diff --git a/UPDATING b/UPDATING
index 918708cd3e3c..ddab9811a8b7 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20040415: p5 FreeBSD-SA-04:07.cvs
+ Correct some path validation errors in CVS.
+
20040317: p4 FreeBSD-SA-04:05.openssl
Correct a denial-of-service vulnerability in OpenSSL.
diff --git a/contrib/cvs/src/client.c b/contrib/cvs/src/client.c
index 566eca36c448..6e048d5c1fa1 100644
--- a/contrib/cvs/src/client.c
+++ b/contrib/cvs/src/client.c
@@ -1054,6 +1054,19 @@ call_in_directory (pathname, func, data)
char *rdirp;
int reposdirname_absolute;
+ /* For security reasons, if PATHNAME is absolute or attemps to ascend
+ * outside of the current sanbbox, we abort. The server should not send us
+ * anything but relative paths which remain inside the sandbox here.
+ * Anything less means a trojan CVS server could create and edit arbitrary
+ * files on the client.
+ */
+ if (isabsolute (pathname) || pathname_levels (pathname) > 0)
+ {
+ error (0, 0,
+ "Server attempted to update a file via an invalid pathname:");
+ error (1, 0, "`%s'.", pathname);
+ }
+
reposname = NULL;
read_line (&reposname);
assert (reposname != NULL);
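Review bot: The new comment has two typos that will be read by every future maintainer of this security check: "attemps" should be "attempts" and "sanbbox" should be "sandbox" (lines 1 and 2 of the added block). The two-step `error (0, 0, ...)` followed by `error (1, 0, ...)` could also be a single fatal call, e.g. `error (1, 0, "Server attempted to update a file via an invalid pathname: `%s'.", pathname);`, which keeps the diagnostic on one line in the log. It is good that the rejection happens before `read_line (&reposname)`, so no further protocol data is consumed from an untrusted server once the path is known to be bad. call_in_directory begins and ends outside this hunk.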
diff --git a/contrib/cvs/src/modules.c b/contrib/cvs/src/modules.c
index b161e947bcb8..087676c31b45 100644
--- a/contrib/cvs/src/modules.c
+++ b/contrib/cvs/src/modules.c
@@ -159,6 +159,14 @@ do_module (db, mname, m_type, msg, callback_proc, where, shorten,
}
#endif
+ /* Similarly for directories that attempt to step above the root of the
+ * repository.
+ */
+ if (pathname_levels (mname) > 0)
+ error (1, 0, "up-level in module reference (`..') invalid: `%s'.",
+ mname);
+
+
/* if this is a directory to ignore, add it to that list */
if (mname[0] == '!' && mname[1] != '\0')
{
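Review bot: The comment "Similarly for directories that attempt to step above the root of the repository" refers back to a block that ends at `#endif`, so in builds where that preceding code is compiled out the word "Similarly" has no visible referent; a self-contained comment such as `/* Reject module names that ascend above the repository root via `..' components. */` reads correctly regardless of the preprocessor path. The added code also leaves two consecutive blank lines before the `/* if this is a directory to ignore ... */` comment, where the surrounding file uses one. The error text names `..` explicitly, which presumably matches what pathname_levels counts; worth confirming against its definition so the message cannot drift from the check. do_module begins and ends outside this hunk.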
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 0497ccc6fcee..a870fa0a9346 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.9"
-BRANCH="RELEASE-p4"
+BRANCH="RELEASE-p5"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"