mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-01-10 03:01:44 +01:00
64afb5ab10
- XSA-198 CVE-2016-9379 CVE-2016-9380 delimiter injection vulnerabilities in pygrub - XSA-197 CVE-2016-9381 qemu incautious about shared ring processing - XSA-196 CVE-2016-9377 CVE-2016-9378 x86 software interrupt injection mis-handled - XSA-195 CVE-2016-9383 x86 64-bit bit test instruction emulation broken - XSA-194 CVE-2016-9384 guest 32-bit ELF symbol table load leaking host data - XSA-193 CVE-2016-9385 x86 segment base write emulation lacking canonical address checks - XSA-192 CVE-2016-9382 x86 task switch to VM86 mode mis-handled - XSA-191 CVE-2016-9386 x86 null segments not always treated as unusable fixes #6495
63 lines
2.1 KiB
Diff
63 lines
2.1 KiB
Diff
From 71a389ae940bc52bf897a6e5becd73fd8ede94c5 Mon Sep 17 00:00:00 2001
|
|
From: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
Date: Thu, 3 Nov 2016 16:37:40 +0000
|
|
Subject: [PATCH] pygrub: Properly quote results, when returning them to the
|
|
caller:
|
|
|
|
* When the caller wants sexpr output, use `repr()'
|
|
This is what Xend expects.
|
|
|
|
The returned S-expressions are now escaped and quoted by Python,
|
|
generally using '...'. Previously kernel and ramdisk were unquoted
|
|
and args was quoted with "..." but without proper escaping. This
|
|
change may break toolstacks which do not properly dequote the
|
|
returned S-expressions.
|
|
|
|
* When the caller wants "simple" output, crash if the delimiter is
|
|
contained in the returned value.
|
|
|
|
With --output-format=simple it does not seem like this could ever
|
|
happen, because the bootloader config parsers all take line-based
|
|
input from the various bootloader config files.
|
|
|
|
With --output-format=simple0, this can happen if the bootloader
|
|
config file contains nul bytes.
|
|
|
|
This is XSA-198.
|
|
|
|
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
Tested-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
---
|
|
tools/pygrub/src/pygrub | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
|
|
index 40f9584..dd0c8f7 100755
|
|
--- a/tools/pygrub/src/pygrub
|
|
+++ b/tools/pygrub/src/pygrub
|
|
@@ -721,14 +721,17 @@ def sniff_netware(fs, cfg):
|
|
return cfg
|
|
|
|
def format_sxp(kernel, ramdisk, args):
|
|
- s = "linux (kernel %s)" % kernel
|
|
+ s = "linux (kernel %s)" % repr(kernel)
|
|
if ramdisk:
|
|
- s += "(ramdisk %s)" % ramdisk
|
|
+ s += "(ramdisk %s)" % repr(ramdisk)
|
|
if args:
|
|
- s += "(args \"%s\")" % args
|
|
+ s += "(args %s)" % repr(args)
|
|
return s
|
|
|
|
def format_simple(kernel, ramdisk, args, sep):
|
|
+ for check in (kernel, ramdisk, args):
|
|
+ if check is not None and sep in check:
|
|
+ raise RuntimeError, "simple format cannot represent delimiter-containing value"
|
|
s = ("kernel %s" % kernel) + sep
|
|
if ramdisk:
|
|
s += ("ramdisk %s" % ramdisk) + sep
|
|
--
|
|
2.1.4
|
|
|