retitle 363978 rssh: broken command line parsing
tags 363978 + security sarge
severity 363978 critical
thanks

Bruno Clermont <[EMAIL PROTECTED]> writes:

> Package: rssh
> Version: 2.2.3-1.sarge.1
> Since http://packages.qa.debian.org/r/rssh/news/20060418T004132Z.html
> rssh seems to run incorrectly:

Yes, it looks like it has the same bug that was fixed in 2.3.0-1.1. I've contacted the security team about getting it fixed; in the meantime, here is the patch that fixes this problem.

only in patch2: unchanged: --- rssh-2.3.0.orig/main.c.in +++ rssh-2.3.0/main.c.in @@ -174,8 +174,6 @@ char **cmd ) { char **argvec; /* argument vector for new cmd line */ - char *homedir; /* relative to chroot */ - char *root; /* the chroot dir */ char *temp; /* to build chroot helper cmd line */ int len; @@ -229,8 +227,8 @@ *cmd = PATH_CHROOT_HELPER; /* set up buffer to log command line ('"' + ' ' + '\0' = 9) */ - len = strlen(cmdline) + strlen(root) + strlen(homedir) + - strlen(argvec[2]) + strlen(PATH_CHROOT_HELPER) + 9; + len = strlen(cmdline) + strlen(argvec[2]) + + strlen(PATH_CHROOT_HELPER) + 9; if ( !(temp = (char *)malloc(len)) ){ log_set_priority(LOG_ERR); log_msg("OOM error in build_shell_args() (fatal)"); only in patch2: unchanged: --- rssh-2.3.0.orig/util.c +++ rssh-2.3.0/util.c @@ -209,13 +209,14 @@ return PATH_SCP; } - if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ) + if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){ if ( opt_exist(cl, 'e') ){ fprintf(stderr, "\ninsecure -e option not allowed."); log_msg("insecure -e option in cvs command line!"); return NULL; } return PATH_CVS; + } if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){ /* filter -P option */

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
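
Review bot: in the second main.c.in hunk (the `len = ...` computation), the `+ 9` and its comment `('"' + ' ' + '\0' = 9)` are carried over unchanged even though two strings, root and homedir, no longer go into the buffer. Over-allocating is harmless, but the comment no longer matches what is written into temp; please recount the literal quote, space and NUL characters against the code that fills temp (not visible in this hunk) and update both the constant and the comment, or fill the buffer with a length-bounded call such as snprintf(temp, len, ...) so a miscount cannot overflow. Since the first hunk deletes the root and homedir declarations outright, the removed strlen() calls were their only use in this function, which is worth saying in the changelog: the old code took the length of pointers that were never assigned.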
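
Review bot: the cvs branch in the util.c hunk should come with a regression test, because the defect is easy to reintroduce. With the old brace-less outer `if`, only the inner `if ( opt_exist(cl, 'e') )` block was governed by check_command(), so `return PATH_CVS;` ran for every command line that got this far and the rdist check below it was unreachable. A test that feeds a command line for something other than cvs and asserts the result is not PATH_CVS, plus one that feeds a cvs command line carrying -e and asserts NULL, would pin both halves of the fix. Minor: the stderr message "\ninsecure -e option not allowed." ends without a newline.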