From 660438b485bcabac732ff4c63ee94826d66cf046 Mon Sep 17 00:00:00 2001
From: Sven Schwedas <sven.schwedas@tao.at>
Date: Wed, 29 Oct 2014 13:32:20 +0100
Subject: [PATCH 1/2] Sanitize mv arguments:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
1. Fixes crashes on file names containing `, $ or "
2. Also prevents shell execution of ``, $() … in file names, which can be
used to gain remote shell access as lsyncd's (target) user.
---
default-rsyncssh.lua | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/default-rsyncssh.lua b/default-rsyncssh.lua
index 90732f6..b775942 100644
--- a/default-rsyncssh.lua
+++ b/default-rsyncssh.lua
@@ -74,6 +74,9 @@ rsyncssh.action = function( inlet )
-- makes move local on target host
-- if the move fails, it deletes the source
if event.etype == 'Move' then
+ local path1 = event.path:gsub ('"', '\\"'):gsub ('`', '\\`'):gsub ('%$','\\%$')
+ local path2 = event2.path:gsub ('"', '\\"'):gsub ('`', '\\`'):gsub ('%$','\\%$')
+
log('Normal', 'Moving ',event.path,' -> ',event2.path)
spawn(
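Review bot: The escaping on the added `local path1` and `local path2` lines is incomplete and not portable across Lua versions. A backslash in a file name is not escaped, so `\` immediately before a `"` still closes the double-quoted word that the second hunk builds around `path1`/`path2`, and the replacement string `'\\%$'` is rejected by Lua 5.2's gsub (`invalid use of '%' in replacement string`), so on 5.2 every Move event raises instead of running. Wrapping the whole argument in single quotes and replacing only `'` is the robust form, which is what the second patch on this page does; if this patch is applied on its own it should at least use `'\\$'` as the replacement and also escape `\`. The enclosing function `rsyncssh.action` starts before this hunk.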
@@ -82,10 +85,10 @@ rsyncssh.action = function( inlet )
config.ssh._computed,
config.host,
'mv',
- '\"' .. config.targetdir .. event.path .. '\"',
- '\"' .. config.targetdir .. event2.path .. '\"',
+ '\"' .. config.targetdir .. path1 .. '\"',
+ '\"' .. config.targetdir .. path2 .. '\"',
'||', 'rm', '-rf',
- '\"' .. config.targetdir .. event.path .. '\"')
+ '\"' .. config.targetdir .. path1 .. '\"')
return
end
--
2.2.2
From 396efd951ea3a20035cbf4ea52e1ff14ba018ef1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81ngel=20Gonz=C3=A1lez?= <angel@16bits.net>
Date: Tue, 25 Nov 2014 23:49:25 +0100
Subject: [PATCH 2/2] Properly sanitize mv parameters (CVE-2014-8990)
When using -rsyncssh option, some filenames
could -in addition to not syncing correctly-
crash the service and execute arbitrary commands
under the credentials of the remote user.
These issues have been assigned CVE-2014-8990
This commit fixes the incomplete and lua5.2-incompatible
sanitization performed by 18f02ad0
Signed-off-by: Sven Schwedas <sven.schwedas@tao.at>
(cherry picked from commit e6016b3748370878778b8f0b568d5281cc248aa4)
Conflicts:
default-rsyncssh.lua
---
default-rsyncssh.lua | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/default-rsyncssh.lua b/default-rsyncssh.lua
index b775942..4361a6c 100644
--- a/default-rsyncssh.lua
+++ b/default-rsyncssh.lua
@@ -74,8 +74,10 @@ rsyncssh.action = function( inlet )
-- makes move local on target host
-- if the move fails, it deletes the source
if event.etype == 'Move' then
- local path1 = event.path:gsub ('"', '\\"'):gsub ('`', '\\`'):gsub ('%$','\\%$')
- local path2 = event2.path:gsub ('"', '\\"'):gsub ('`', '\\`'):gsub ('%$','\\%$')
+ local path1 = config.targetdir .. event.path
+ local path2 = config.targetdir .. event2.path
+ path1 = "'" .. path1:gsub ('\'', '\'"\'"\'') .. "'"
+ path2 = "'" .. path2:gsub ('\'', '\'"\'"\'') .. "'"
log('Normal', 'Moving ',event.path,' -> ',event2.path)
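Review bot: The quoting expression on the added `path1 = "'" .. path1:gsub(...)` and `path2 = ...` lines is duplicated and relies on two non-obvious facts that are not commented: `..` truncates gsub's second return value (the match count), and `'"'"'` is the POSIX way to embed a single quote inside a single-quoted word. I would factor it into one helper above the `if`, `local function shell_quote(s) return "'" .. s:gsub("'", "'\"'\"'") .. "'" end`, and then write `local path1 = shell_quote(config.targetdir .. event.path)` and `local path2 = shell_quote(config.targetdir .. event2.path)`, with the comment `-- single-quote for the remote POSIX shell; each ' becomes '"'"'`. This quoting assumes the remote login shell has Bourne single-quote semantics, which is worth stating in that comment since csh-family shells differ. The enclosing `rsyncssh.action` starts before this hunk.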
@@ -85,10 +87,12 @@ rsyncssh.action = function( inlet )
config.ssh._computed,
config.host,
'mv',
- '\"' .. config.targetdir .. path1 .. '\"',
- '\"' .. config.targetdir .. path2 .. '\"',
+ path1,
+ path2,
'||', 'rm', '-rf',
- '\"' .. config.targetdir .. path1 .. '\"')
+ path1
+ )
+
return
end
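Review bot: Now that `path1` and `path2` are passed bare on the added lines, nothing at the call site tells a reader they are already shell-quoted, which invites someone to re-add `'\"'` wrapping later and reintroduce the breakage the commit fixes. A one-line comment above the `'mv'` argument, `-- path1/path2 are already single-quoted for the remote shell; pass as-is`, would prevent that. The extra blank line added before `return` is whitespace noise and can be dropped. The `|| rm -rf` fallback on a failed `mv` is pre-existing behaviour, but since it now receives a correctly quoted path it will actually delete the source, so it is worth confirming that is still the intended semantics; `rsyncssh.action` continues past this hunk.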
--
2.2.2