Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
rust.9097
CVE-2018-1000622-prevent-rustdoc-loads-uncontro...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-1000622-prevent-rustdoc-loads-uncontrolled-plugins-path.patch of Package rust.9097
From 8e1bf21b305571567ad21e9e6ef963c45f801c51 Mon Sep 17 00:00:00 2001 From: steveklabnik <steve@steveklabnik.com> Date: Sat, 7 Jul 2018 10:45:45 -0600 Subject: [PATCH] Fix CVE-2018-1000622 - This patch consists of requiring `--plugin-path` to be passed whenever `--plugin` is passed - patch made by steveklabnik - rustdoc plugins will be removed entirely on 1.28.0 --- src/librustdoc/lib.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/librustdoc/lib.rs b/src/librustdoc/lib.rs index 059d416989..19bfc74063 100644 --- a/src/librustdoc/lib.rs +++ b/src/librustdoc/lib.rs @@ -681,8 +681,14 @@ where R: 'static + Send, } } + if !plugins.is_empty() && plugin_path.is_none() { + eprintln!("ERROR: You must pass --plugin-path to use --plugins"); + std::process::exit(1); + } + + // Load all plugins/passes into a PluginManager - let path = plugin_path.unwrap_or("/tmp/rustdoc/plugins".to_string()); + let path = plugin_path.unwrap_or("/usr/lib64/rustdoc/plugins".to_string()); let mut pm = plugins::PluginManager::new(PathBuf::from(path)); for pass in &passes { let plugin = match passes::PASSES.iter() -- 2.13.7
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor