File CVE-2018-10916.patch of Package lftp.10482

From a27e07d90a4608ceaf928b1babb27d4d803e1992 Mon Sep 17 00:00:00 2001
From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
Date: Tue, 31 Jul 2018 10:57:35 +0300
Subject: [PATCH] mirror: prepend ./ to rm and chmod arguments to avoid URL
 recognition (fix #452)

---
 src/MirrorJob.cc | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/src/MirrorJob.cc b/src/MirrorJob.cc
index cf106c40..0be45431 100644
--- a/src/MirrorJob.cc
+++ b/src/MirrorJob.cc
@@ -1164,24 +1164,21 @@ int   MirrorJob::Do()
 	    }
 	    continue;
 	 }
+	 bool use_rmdir = (file->TypeIs(file->DIRECTORY)
+			   && recursion_mode==RECURSION_NEVER);
 	 if(script)
 	 {
-	    ArgV args("rm");
-	    if(file->TypeIs(file->DIRECTORY))
-	    {
-	       if(recursion_mode==RECURSION_NEVER)
-		  args.setarg(0,"rmdir");
-	       else
-		  args.Append("-r");
-	    }
+	    ArgV args(use_rmdir?"rmdir":"rm");
+	    if(file->TypeIs(file->DIRECTORY) && !use_rmdir)
+	       args.Append("-r");
 	    args.Append(target_session->GetFileURL(file->name));
 	    xstring_ca cmd(args.CombineQuoted());
 	    fprintf(script,"%s\n",cmd.get());
 	 }
 	 if(!script_only)
 	 {
-	    ArgV *args=new ArgV("rm");
-	    args->Append(file->name);
+	    ArgV *args=new ArgV(use_rmdir?"rmdir":"rm");
+	    args->Append(dir_file(".",file->name));
 	    args->seek(1);
 	    rmJob *j=new rmJob(target_session->Clone(),args);
 	    args->CombineTo(j->cmdline);
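Review bot: The `dir_file(".",file->name)` argument is the entire fix, yet nothing at the call site says why the prefix is there, and the same expression is repeated in the chmod hunk and the source-side `rm` hunk further down. A one-line comment at each site, such as `/* prefix "./" so a name that looks like a URL is not parsed as one by the job */`, or a single small helper shared by all three, would keep a later cleanup from dropping it. `dir_file` itself is not visible here, so it is worth confirming that it still prepends when the name starts with `/`, since such a name would otherwise bypass the prefix. `file->name` presumably comes from a directory listing the user does not control, which is what makes this matter. MirrorJob::Do() begins and ends outside this hunk.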
@@ -1189,10 +1186,7 @@ int   MirrorJob::Do()
 	    if(file->TypeIs(file->DIRECTORY))
 	    {
 	       if(recursion_mode==RECURSION_NEVER)
-	       {
-		  args->setarg(0,"rmdir");
 		  j->Rmdir();
-	       }
 	       else
 		  j->Recurse();
 	    }
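Review bot: The directory branch kept here still re-tests `file->TypeIs(file->DIRECTORY)` and `recursion_mode==RECURSION_NEVER`, although `use_rmdir` (declared in the previous hunk and apparently still in scope) already holds that result and chose the command name. Driving both from the one flag, `if(use_rmdir) j->Rmdir(); else if(file->TypeIs(file->DIRECTORY)) j->Recurse();`, keeps the argv[0] recorded in `j->cmdline` and the job mode from drifting apart if the condition is edited later. The enclosing `if(!script_only)` block opens in the previous hunk and Do() continues past this one.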
@@ -1258,7 +1252,7 @@ int   MirrorJob::Do()
 	 if(!script_only)
 	 {
 	    ArgV *a=new ArgV("chmod");
-	    a->Append(file->name);
+	    a->Append(dir_file(".",file->name));
 	    a->seek(1);
 	    ChmodJob *cj=new ChmodJob(target_session->Clone(),
 				 file->mode&~mode_mask,a);
@@ -1380,7 +1374,7 @@ int   MirrorJob::Do()
 	 if(!script_only)
 	 {
 	    ArgV *args=new ArgV("rm");
-	    args->Append(file->name);
+	    args->Append(dir_file(".",file->name));
 	    args->seek(1);
 	    rmJob *j=new rmJob(source_session->Clone(),args);
 	    args->CombineTo(j->cmdline);