Overview

File logwatch-CVE-2011-1018.patch of Package logwatch

Index: scripts/logwatch.pl
===================================================================
--- scripts/logwatch.pl.orig	2011-02-25 12:30:40.934525836 +0100
+++ scripts/logwatch.pl	2011-02-25 12:34:45.979948361 +0100
@@ -845,6 +845,10 @@ foreach $LogFile (@LogFileList) {
    my $DestFile =  $TempDir . $LogFile . "-archive";
    my $Archive;
    foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) {
+      if ($Archive =~ /'/) {
+         print "File $Archive has invalid embedded quotes.  File ignored.\n";
+	 next;
+      }
       my $CheckTime;
       # We need to find out what's the earliest log we need
       my @time_t = TimeBuild();
@@ -872,18 +876,18 @@ foreach $LogFile (@LogFileList) {
          #These system calls are not secure but we are getting closer
          #What needs to go is all the pipes and instead we need a command loop
          #For each filter to apply -mgt
-            my $arguments = "$Archive >> $DestFile";
+            my $arguments = "'${Archive}' >> $DestFile";
             system("$Config{'pathtozcat'} $arguments") == 0
                or die "system $Config{'pathtozcat'} failed: $?" 
          } elsif (($Archive =~ m/bz2$/) && (-f "$Archive")) {
          #These system calls are not secure but we are getting closer
          #What needs to go is all the pipes and instead we need a command loop
          #For each filter to apply -mgt
-            my $arguments = "$Archive 2>/dev/null >> $DestFile";
+            my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
             system("$Config{'pathtobzcat'} $arguments") == 0
                or die "system $Config{'pathtobzcat'} failed: $?" 
-         } elsif (-f "$Archive") {
-            my $arguments = "$Archive  >> $DestFile";
+         } elsif ((-f "$Archive") && (-s "$Archive")) {
+            my $arguments = "'${Archive}'  >> $DestFile";
             system("$Config{'pathtocat'} $arguments") == 0
                or die "system $Config{'pathtocat'} failed: $?" 
          } #End if/elsif existence
@@ -895,6 +899,10 @@ foreach $LogFile (@LogFileList) {
    foreach my $ThisFile (@FileList) {
       #Existence check for files -mgt
       next unless (-f $ThisFile);
+      if ($ThisFile =~ /'/) {
+         print "File $ThisFile has invalid embedded quotes.  File ignored.\n";
+	 next;
+      }
       if (! -r $ThisFile) {
          print "File $ThisFile is not readable.  Check permissions.";
          if ($> != 0) {
@@ -903,7 +911,7 @@ foreach $LogFile (@LogFileList) {
          print "\n";
          next;
       }
-      $FileText .= ($ThisFile . " ");
+      $FileText .= ("'" . $ThisFile . "' ");
    } #End foreach ThisFile
 
    # remove the ENV entries set by previous service
openSUSE Build Service is sponsored by
Places