debmany: Fix shell injection via crafted .deb
Closes: #1031267
Thanks to Jakub Wilk for reporting!
Axel Beckert
1 year, 2 months ago
3 | 3 |
* debmany:
|
4 | 4 |
+ Fix -k option: Use "kfmclient newTab" instead of no more existing
|
5 | 5 |
"kfmclient exec" subcommand.
|
|
6 |
+ Fix shell injection via crafted .deb. (Closes: #1031267)
|
|
7 |
Thanks to Jakub Wilk for reporting!
|
6 | 8 |
|
7 | 9 |
[ Debian Janitor ]
|
8 | 10 |
* Remove constraints unnecessary since buster (oldstable):
|
93 | 93 |
else
|
94 | 94 |
error "$*"
|
95 | 95 |
fi
|
|
96 |
}
|
|
97 |
|
|
98 |
replace_percent_s_and_execute() {
|
|
99 |
replacement="$1"
|
|
100 |
shift
|
|
101 |
declare -a cmdarr
|
|
102 |
cmdarr=($@)
|
|
103 |
debug "cmdarr before; ${cmdarr[@]}"
|
|
104 |
for i in ${!cmdarr[@]}; do
|
|
105 |
cmdarr[$i]="${cmdarr[$i]/\%s/$replacement}"
|
|
106 |
done
|
|
107 |
debug "cmdarr after; ${cmdarr[@]}"
|
|
108 |
command "${cmdarr[@]}"
|
96 | 109 |
}
|
97 | 110 |
|
98 | 111 |
while [ $# -gt 0 ]
|
|
376 | 389 |
dpkg --fsys-tarfile "$file" | tar --wildcards -xf - $mandirs 2>/dev/null
|
377 | 390 |
# find all manpage files
|
378 | 391 |
manpages=`find usr -type f 2>/dev/null|sort|sed -e 's|\([^/]*\)$|\1 \1|'`
|
|
392 |
# | egrep -v '[\`\\${}*?;<>|]'
|
379 | 393 |
fi
|
380 | 394 |
|
381 | 395 |
while true
|
|
411 | 425 |
cd "$path"
|
412 | 426 |
fi
|
413 | 427 |
debug "Opening manpage file: "`printf "$mancmdline" "$PWD/$file"` # comment
|
414 | |
eval $(printf "$mancmdline" "$PWD/$file")
|
|
428 |
replace_percent_s_and_execute "$PWD/$file" "$mancmdline"
|
415 | 429 |
cd - >/dev/null
|
416 | 430 |
else
|
417 | 431 |
# other file (usr/share/doc)
|
418 | 432 |
debug "Opening other file: "`printf "$othercmdline" "$PWD/$return"` # comment
|
419 | 433 |
if [[ "$return" =~ \.gz$ ]]
|
420 | 434 |
then
|
421 | |
eval $(printf "gzip -dc $PWD/$return | $othercmdline")
|
|
435 |
gzip -dc "$PWD/$return" | replace_percent_s_and_execute '-' "$othercmdline"
|
422 | 436 |
else
|
423 | |
eval $(printf "$othercmdline" "$PWD/$return")
|
|
437 |
replace_percent_s_and_execute "$PWD/$return" "$othercmdline"
|
424 | 438 |
fi
|
425 | 439 |
fi
|
426 | 440 |
else
|
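Review bot: In replace_percent_s_and_execute the unquoted `cmdarr=($@)` splits the configured command line into words as intended, but it also applies pathname expansion to them, and the call site runs it after `cd "$path"` inside the unpacked package, so a `*` or `?` in mancmdline/othercmdline would be expanded against file names taken from the .deb; `IFS=' ' read -r -a cmdarr <<< "$*"` splits on whitespace without globbing (it assumes the command string is a single line, which appears to be the case here). `replacement="$1"` is not declared `local`, unlike `cmdarr` which `declare` already makes function-local, so `local replacement="$1"` keeps the assignment from leaking into the caller. On bash 5.2, where patsub_replacement is enabled by default, an unquoted `$replacement` in `${cmdarr[$i]/\%s/$replacement}` has `&` interpreted as the matched text, so a file name containing `&` would be mangled; `cmdarr[$i]="${cmdarr[$i]/\%s/"$replacement"}"` inhibits that (worth confirming against the bash version targeted). The commented-out `# | egrep -v '[\`\\${}*?;<>|]'` added after the manpages= line in the second hunk reads as leftover from the old approach and could be dropped or turned into a sentence explaining why filtering is no longer needed.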