You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 lines
636 B
23 lines
636 B
diff -Naurp a/src/rsh-client.c b/src/rsh-client.c
|
|
--- a/src/rsh-client.c 2005-03-15 18:45:10.000000000 +0100
|
|
+++ b/src/rsh-client.c 2017-08-26 17:43:23.228060155 +0200
|
|
@@ -97,6 +97,9 @@ start_rsh_server (cvsroot_t *root, struc
|
|
rsh_argv[i++] = root->username;
|
|
}
|
|
|
|
+ /* Only non-option arguments from here. (CVE-2017-12836) */
|
|
+ rsh_argv[i++] = "--";
|
|
+
|
|
rsh_argv[i++] = root->hostname;
|
|
rsh_argv[i++] = cvs_server;
|
|
rsh_argv[i++] = "server";
|
|
@@ -171,6 +174,8 @@ start_rsh_server (cvsroot_t *root, struc
|
|
*p++ = root->username;
|
|
}
|
|
|
|
+ *p++ = "--";
|
|
+
|
|
*p++ = root->hostname;
|
|
*p++ = command;
|
|
*p++ = NULL;
|