cvs: fix CVE-2017-12836

This patch is based on the work of the patch from Thorsten Glaser (MirBSD) [1] [1] http://www.mirbsd.org/cvs.cgi/src/gnu/usr.bin/cvs/src/rsh-client.c.diff?r1=1.6;r2=1.7
author: Andreas Rammhold <andreas@rammhold.de> 2017-11-07 16:10:18 +0100
committer: Andreas Rammhold <andreas@rammhold.de> 2017-11-07 17:01:45 +0100
commit: d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3 (patch)
tree: af4be012f25540f02111e212eb3a1fa1fa3080fe /pkgs/applications/version-management/cvs
parent: cfafd6f5a819472911eaf2650b50a62f0c143e3e (diff)
download: nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar
nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.gz
nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.bz2
nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.lz
nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.xz
nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.zst
nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.zip
2 files changed, 30 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/cvs/CVE-2017-12836.patch b/pkgs/applications/version-management/cvs/CVE-2017-12836.patch
new file mode 100644
index 00000000000..95007942368
--- /dev/null
+++ b/pkgs/applications/version-management/cvs/CVE-2017-12836.patch
@@ -0,0 +1,29 @@
+--- a/src/rsh-client.c.orig	2005-10-02 17:17:21.000000000 +0200
++++ b/src/rsh-client.c	2017-11-07 16:56:06.957370469 +0100
+@@ -53,7 +53,7 @@
+     char *cvs_server = (root->cvs_server != NULL
+ 			? root->cvs_server : getenv ("CVS_SERVER"));
+     int i = 0;
+-    /* This needs to fit "rsh", "-b", "-l", "USER", "host",
++    /* This needs to fit "rsh", "-b", "-l", "USER", "--", "host",
+        "cmd (w/ args)", and NULL.  We leave some room to grow. */
+     char *rsh_argv[10];
+ 
+@@ -97,6 +97,9 @@
+ 	rsh_argv[i++] = root->username;
+     }
+ 
++    /* Only non-option arguments from here. (CVE-2017-12836) */
++    rsh_argv[i++] = "--";
++
+     rsh_argv[i++] = root->hostname;
+     rsh_argv[i++] = cvs_server;
+     rsh_argv[i++] = "server";
+@@ -171,6 +174,7 @@
+ 	    *p++ = root->username;
+ 	}
+ 
++	*p++ = "--";
+ 	*p++ = root->hostname;
+ 	*p++ = command;
+ 	*p++ = NULL;
diff --git a/pkgs/applications/version-management/cvs/default.nix b/pkgs/applications/version-management/cvs/default.nix
index 8c69517a750..a330db6a8d6 100644
--- a/pkgs/applications/version-management/cvs/default.nix
+++ b/pkgs/applications/version-management/cvs/default.nix
@@ -11,6 +11,7 @@ stdenv.mkDerivation {
   patches = [
     ./getcwd-chroot.patch
     ./CVE-2012-0804.patch
+    ./CVE-2017-12836.patch
   ];
 
   hardeningDisable = [ "fortify" "format" ];
author	Andreas Rammhold <andreas@rammhold.de>	2017-11-07 16:10:18 +0100
committer	Andreas Rammhold <andreas@rammhold.de>	2017-11-07 17:01:45 +0100
commit	d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3 (patch)
tree	af4be012f25540f02111e212eb3a1fa1fa3080fe /pkgs/applications/version-management/cvs
parent	cfafd6f5a819472911eaf2650b50a62f0c143e3e (diff)
download	nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.gz nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.bz2 nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.lz nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.xz nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.zst nixpkgs-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.zip