diff options
-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | contrib/cvs/src/client.c | 13 | ||||
-rw-r--r-- | contrib/cvs/src/modules.c | 8 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 |
4 files changed, 25 insertions, 1 deletions
@@ -14,6 +14,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20040415: p5 FreeBSD-SA-04:07.cvs + Correct some path validation errors in CVS. + 20040329: p4 FreeBSD-SA-04:06.ipv6 Correct an input validation error involving setsockopt and IPv6 sockets. diff --git a/contrib/cvs/src/client.c b/contrib/cvs/src/client.c index 566eca36c448..6e048d5c1fa1 100644 --- a/contrib/cvs/src/client.c +++ b/contrib/cvs/src/client.c @@ -1054,6 +1054,19 @@ call_in_directory (pathname, func, data) char *rdirp; int reposdirname_absolute; + /* For security reasons, if PATHNAME is absolute or attemps to ascend + * outside of the current sanbbox, we abort. The server should not send us + * anything but relative paths which remain inside the sandbox here. + * Anything less means a trojan CVS server could create and edit arbitrary + * files on the client. + */ + if (isabsolute (pathname) || pathname_levels (pathname) > 0) + { + error (0, 0, + "Server attempted to update a file via an invalid pathname:"); + error (1, 0, "`%s'.", pathname); + } + reposname = NULL; read_line (&reposname); assert (reposname != NULL); diff --git a/contrib/cvs/src/modules.c b/contrib/cvs/src/modules.c index b2ded8de2ab0..f69902ffde51 100644 --- a/contrib/cvs/src/modules.c +++ b/contrib/cvs/src/modules.c @@ -170,6 +170,14 @@ do_module (db, mname, m_type, msg, callback_proc, where, shorten, if (isabsolute (mname)) error (1, 0, "Absolute module reference invalid: `%s'", mname); + /* Similarly for directories that attempt to step above the root of the + * repository. + */ + if (pathname_levels (mname) > 0) + error (1, 0, "up-level in module reference (`..') invalid: `%s'.", + mname); + + /* if this is a directory to ignore, add it to that list */ if (mname[0] == '!' && mname[1] != '\0') { diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 72b109cba695..2617f164ecb3 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="5.2.1" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" |