Commit 4f5598e3 authored by Natanael Copa's avatar Natanael Copa

main/git: security fix (CVE-2018-19486)

fixes #9712
parent 6f40ae0c
......@@ -11,6 +11,8 @@ depends=
replaces="git-perl"
# secfixes:
# 2.15.r-r1:
# - CVE-2018-19486
# 2.15.3-r0:
# - CVE-2018-17456
# 2.15.2-r0:
......@@ -42,6 +44,7 @@ makedepends="zlib-dev libressl-dev curl-dev expat-dev perl-dev python2-dev
pcre2-dev asciidoc xmlto perl-error tcl tk"
source="https://www.kernel.org/pub/software/scm/git/git-$pkgver.tar.xz
bb-tar.patch
CVE-2018-19486.patch
git-daemon.initd
git-daemon.confd
"
......@@ -247,5 +250,6 @@ _git_perl() {
sha512sums="0de84aa3511f3b2bf3311efe4ed6991b1d41c292be72a884d477cb893d28e317ec5ee915c392805d866edae019da755c39f9b5e0259fcbf1973f65a112c7670b git-2.15.3.tar.xz
85767b5e03137008d6a96199e769e3979f75d83603ac8cb13a3481a915005637409a4fd94e0720da2ec6cd1124f35eba7cf20109a94816c4b4898a81fbc46bd2 bb-tar.patch
98e4d87d492f2e65930b842e2de3f2043d737dcb1cbcb09e504a21a387ad5e5ce7fbe8f9eea2594eec302c45d0f8f069c6b6767deba1ed61b4636f43dfe2a7aa CVE-2018-19486.patch
89528cdd14c51fd568aa61cf6c5eae08ea0844e59f9af9292da5fc6c268261f4166017d002d494400945e248df6b844e2f9f9cd2d9345d516983f5a110e4c42a git-daemon.initd
fbf1f425206a76e2a8f82342537ed939ff7e623d644c086ca2ced5f69b36734695f9f80ebda1728f75a94d6cd2fcb71bf845b64239368caab418e4d368c141ec git-daemon.confd"
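Review bot: The new secfixes key `# 2.15.r-r1:` in the first hunk is not a well-formed package version, so anything that parses the secfixes block to map CVE-2018-19486 to a fixed release will not match it to a real build. The neighbouring entry is `2.15.3-r0` and the checksum list names git-2.15.3.tar.xz, so the intended key is presumably `#   2.15.3-r1:`. None of the visible hunks touches pkgrel, so it is also worth confirming that the release number was bumped to match that key.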
From 321fd82389742398d2924640ce3a61791fd27d60 Mon Sep 17 00:00:00 2001
From: Jeff King <peff@peff.net>
Date: Wed, 24 Oct 2018 03:38:00 -0400
Subject: run-command: mark path lookup errors with ENOENT
Since commit e3a434468f (run-command: use the
async-signal-safe execv instead of execvp, 2017-04-19),
prepare_cmd() does its own PATH lookup for any commands we
run (on non-Windows platforms).
However, its logic does not match the old execvp call when
we fail to find a matching entry in the PATH. Instead of
feeding the name directly to execv, execvp would consider
that an ENOENT error. By continuing and passing the name
directly to execv, we effectively behave as if "." was
included at the end of the PATH. This can have confusing and
even dangerous results.
The fix itself is pretty straight-forward. There's a new
test in t0061 to cover this explicitly, and I've also added
a duplicate of the ENOENT test to ensure that we return the
correct errno for this case.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
run-command.c | 21 +++++++++++++++++----
t/t0061-run-command.sh | 13 ++++++++++++-
2 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/run-command.c b/run-command.c
index 014b2165b..8d42a4f53 100644
--- a/run-command.c
+++ b/run-command.c
@@ -378,7 +378,7 @@ static void child_err_spew(struct child_process *cmd, struct child_err *cerr)
set_error_routine(old_errfn);
}
-static void prepare_cmd(struct argv_array *out, const struct child_process *cmd)
+static int prepare_cmd(struct argv_array *out, const struct child_process *cmd)
{
if (!cmd->argv[0])
die("BUG: command is empty");
@@ -401,16 +401,22 @@ static void prepare_cmd(struct argv_array *out, const struct child_process *cmd)
/*
* If there are no '/' characters in the command then perform a path
* lookup and use the resolved path as the command to exec. If there
- * are no '/' characters or if the command wasn't found in the path,
- * have exec attempt to invoke the command directly.
+ * are '/' characters, we have exec attempt to invoke the command
+ * directly.
*/
if (!strchr(out->argv[1], '/')) {
char *program = locate_in_PATH(out->argv[1]);
if (program) {
free((char *)out->argv[1]);
out->argv[1] = program;
+ } else {
+ argv_array_clear(out);
+ errno = ENOENT;
+ return -1;
}
}
+
+ return 0;
}
static char **prep_childenv(const char *const *deltaenv)
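Review bot: The rewritten block comment above the `strchr` test no longer says what happens when the PATH lookup finds nothing, and the new `int` return of prepare_cmd() is undocumented. I would add to that comment: `If the lookup fails, clear 'out', set errno to ENOENT and return -1; the bare name must not reach exec, which would resolve it against the current directory.` A one-line header such as `/* Returns 0 on success, -1 with errno set on failure. */` would also help callers. The function's signature and opening lines sit in the previous hunk, outside this one.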
@@ -635,6 +641,12 @@ fail_pipe:
struct child_err cerr;
struct atfork_state as;
+ if (prepare_cmd(&argv, cmd) < 0) {
+ failed_errno = errno;
+ cmd->pid = -1;
+ goto end_of_spawn;
+ }
+
if (pipe(notify_pipe))
notify_pipe[0] = notify_pipe[1] = -1;
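Review bot: The new early-exit branch taken when `prepare_cmd(&argv, cmd) < 0` records `failed_errno` and sets `cmd->pid = -1` but prints nothing, so a command missing from PATH now fails before the fork with no diagnostic, unless code after `end_of_spawn` reports it, which is not visible here. Before this change the failure was found in the child at exec time, presumably reported through the child_err path. Consider reporting it in this branch while honouring a caller's request for silence, by placing `if (!cmd->silent_exec_failure) error_errno("cannot run %s", cmd->argv[0]);` ahead of the `goto`. The enclosing function begins and ends outside this hunk.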
@@ -645,7 +657,6 @@ fail_pipe:
set_cloexec(null_fd);
}
- prepare_cmd(&argv, cmd);
childenv = prep_childenv(cmd->env);
atfork_prepare(&as);
@@ -773,6 +784,8 @@ fail_pipe:
argv_array_clear(&argv);
free(childenv);
}
+end_of_spawn:
+
#else
{
int fhin = 0, fhout = 1, fherr = 2;
--
cgit 1.2-0.3.lf.el7