1 new commit in tramp:
https://bitbucket.org/xemacs/tramp/commits/84bd1ffedb05/
Changeset: 84bd1ffedb05
User: albinus
Date: 2014-05-20 11:08:30
Summary: * tramp-sh.el (tramp-uudecode): Replace the hard-coded temporary
file name by a format specifier.
(tramp-remote-coding-commands): Enhance docstring.
(tramp-find-inline-encoding): Replace "%t" by a temporary file
name. (Bug#17415)
This is CVE-2014-3424.
Affected #: 2 files
diff -r a6666b7f47e855188107da4650094bd57c000ca4 -r
84bd1ffedb0583106490f0de9a7273e6ae17d534 lisp/ChangeLog
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,12 @@
+2014-05-20 Michael Albinus <michael.albinus(a)gmx.de>
+
+ * tramp-sh.el (tramp-uudecode): Replace the hard-coded temporary
+ file name by a format specifier.
+ (tramp-remote-coding-commands): Enhance docstring.
+ (tramp-find-inline-encoding): Replace "%t" by a temporary file
+ name. (Bug#17415)
+ This is CVE-2014-3424.
+
2014-02-16 Michael Albinus <michael.albinus(a)gmx.de>
Version 2.2.9 released.
diff -r a6666b7f47e855188107da4650094bd57c000ca4 -r
84bd1ffedb0583106490f0de9a7273e6ae17d534 lisp/tramp-sh.el
--- a/lisp/tramp-sh.el
+++ b/lisp/tramp-sh.el
@@ -488,9 +488,9 @@
See `tramp-actions-before-shell' for more info.")
(defconst tramp-uudecode
- "(echo begin 600 /tmp/tramp.$$; tail +2) | uudecode
-cat /tmp/tramp.$$
-rm -f /tmp/tramp.$$"
+ "(echo begin 600 %t; tail -n +2) | uudecode
+cat %t
+rm -f %t"
"Shell function to implement `uudecode' to standard output.
Many systems support `uudecode -o /dev/stdout' or `uudecode -o -'
for this or `uudecode -p', but some systems don't, and for them
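Review bot: The three `%t` occurrences in the new `tramp-uudecode` string are pasted into the shell text unquoted, so `cat %t` and `rm -f %t` are only correct while the substituted path has no whitespace or shell metacharacters. The path is built from the remote tmpdir and `tramp-temp-name-prefix` in the last hunk, so this probably holds for default settings, but nothing visible here enforces it. Either quote the two command arguments (`cat "%t"` and `rm -f "%t"`) or state the assumption in the docstring; the `begin 600 %t` header line is parsed by uudecode itself and would need its own check. The docstring of this defconst continues past the end of the hunk.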
@@ -4004,7 +4004,7 @@
\(FORMAT ENCODING DECODING [TEST]\)
-FORMAT is symbol describing the encoding/decoding format. It can be
+FORMAT is a symbol describing the encoding/decoding format. It can be
`b64' for base64 encoding, `uu' for uu encoding, or `pack' for simple
packing.
ENCODING and DECODING can be strings, giving commands, or symbols,
@@ -4014,9 +4014,11 @@
specifier is not present, the input should be read from standard
input.
-If they are variables, this variable is a string containing a Perl
-implementation for this functionality. This Perl program will be transferred
-to the remote host, and it is available as shell function with the same name.
+If they are variables, this variable is a string containing a
+Perl or Shell implementation for this functionality. This
+program will be transferred to the remote host, and it is
+available as shell function with the same name. A \"%t\" format
+specifier in the variable value denotes a temporary file.
The optional TEST command can be used for further tests, whether
ENCODING and DECODING are applicable.")
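Review bot: The new docstring sentence introduces `%t` but does not say what happens to other percent signs in the variable value. In the last hunk the whole value is passed through `format-spec` whenever `%t` is found, so any other `%` in a Perl or shell implementation would presumably have to be written as `%%`, while values without `%t` are sent unchanged. I would add a sentence such as `When \"%t\" is used, a literal percent sign in the value must be written as \"%%\".` so that authors of new entries do not trip over the difference.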
@@ -4091,10 +4093,25 @@
(throw 'wont-work-remote nil))
(when (not (stringp rem-dec))
- (let ((name (symbol-name rem-dec)))
+ (let ((name (symbol-name rem-dec))
+ (value (symbol-value rem-dec))
+ tmpfile)
(while (string-match (regexp-quote "-") name)
(setq name (replace-match "_" nil t name)))
- (tramp-maybe-send-script vec (symbol-value rem-dec) name)
+ (when (string-match "\\(^\\|[^%]\\)%t" value)
+ (setq tmpfile
+ (make-temp-name
+ (expand-file-name
+ tramp-temp-name-prefix
+ (tramp-get-remote-tmpdir vec)))
+ value
+ (format-spec
+ value
+ (format-spec-make
+ ?t
+ (tramp-file-name-handler
+ 'file-remote-p tmpfile 'localname)))))
+ (tramp-maybe-send-script vec value name)
(setq rem-dec name)))
(tramp-message
vec 5
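Review bot: `make-temp-name` in the new `let` body only returns a name and does not create the file, so the remote `uudecode` is still what first creates the path inside the shared remote tmpdir. That replaces the predictable `/tmp/tramp.$$` with a name that is hard to guess, but the safety of the write still rests on unpredictability and not on exclusive creation. At minimum a comment above the call should record this, for example `;; Only a name is chosen here; the file is created later by the remote uudecode.`; creating the file with restrictive permissions on the remote side before the script uses it would close the window, though that would mean a per-invocation name, not one baked into the sent script. The enclosing function starts and ends outside this hunk, so whether the script is re-sent per connection cannot be confirmed from here.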
Repository URL:
https://bitbucket.org/xemacs/tramp/