File CVE-2018-1000622-prevent-rustdoc-loads-uncontrolled-plugins-path.patch of Package rust.9096
From 8e1bf21b305571567ad21e9e6ef963c45f801c51 Mon Sep 17 00:00:00 2001
From: steveklabnik <steve@steveklabnik.com>
Date: Sat, 7 Jul 2018 10:45:45 -0600
Subject: [PATCH] Fix CVE-2018-1000622
- This patch requires `--plugin-path` to be passed
whenever `--plugins` is passed
- patch made by steveklabnik
- rustdoc plugins will be removed entirely on 1.28.0
---
src/librustdoc/lib.rs | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/librustdoc/lib.rs b/src/librustdoc/lib.rs
index 059d416989..19bfc74063 100644
--- a/src/librustdoc/lib.rs
+++ b/src/librustdoc/lib.rs
@@ -681,8 +681,14 @@ where R: 'static + Send,
}
}
+ if !plugins.is_empty() && plugin_path.is_none() {
+ eprintln!("ERROR: You must pass --plugin-path to use --plugins");
+ std::process::exit(1);
+ }
+
+
// Load all plugins/passes into a PluginManager
- let path = plugin_path.unwrap_or("/tmp/rustdoc/plugins".to_string());
+ let path = plugin_path.unwrap_or("/usr/lib64/rustdoc/plugins".to_string());
let mut pm = plugins::PluginManager::new(PathBuf::from(path));
for pass in &passes {
let plugin = match passes::PASSES.iter()
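Review bot: The fallback on the `let path = plugin_path.unwrap_or(...)` line still hands `PluginManager::new` a hard-coded directory, which after the new guard is reachable only when no `--plugins` were named. Whether anything is loaded from that directory in that case is not visible in this hunk, so the line deserves a comment such as `// Only reached when no --plugins are given; the default must never be a world-writable directory such as /tmp.` The guard checks only that `--plugin-path` is present, not that the directory is trustworthy, so a caller who points it at a shared writable location presumably keeps the same exposure; the option help or the error text should say that the path must be writable only by trusted users. `/usr/lib64/rustdoc/plugins` is also a distribution-specific location that will not exist on every target. The enclosing function starts before the hunk and continues past it.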
--
2.13.7