bug-patch
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-patch] patch returning invalid filename EXDEV for normal files

From: Flavio Leitner
Subject: [bug-patch] patch returning invalid filename EXDEV for normal files
Date: Tue, 7 Apr 2015 20:53:24 -0300 
(please keep myself on CC because I am not subscribed to the list)

Hello,

I am testing with patch-2.7.5-1.fc21.src.rpm which seems to be
close to branch master's tip and also with git master's tip:

The issue is that I can't apply a patch on a file that in out of
my workdir.  It's a regular file, not a symlink.

This is the directory structure:
address@hidden a]$ find
.
./fix.patch
./file_with_bug
./b

Checking the types:
address@hidden a]$ ls -la
total 8
drwxrwxr-x.  3 fleitner fleitner  100 Apr  7 20:22 .
drwxrwxrwt. 18 root     root      520 Apr  7 20:22 ..
drwxrwxr-x.  2 fleitner fleitner   40 Apr  7 20:21 b
-rw-rw-r--.  1 fleitner fleitner 2280 Apr  7 18:25 file_with_bug
-rw-rw-r--.  1 fleitner fleitner 2113 Apr  7 18:25 fix.patch

Get into 'b' as workdir and apply the patch:
address@hidden a]$ cd b
address@hidden b]$ patch -p0 ../file_with_bug ../fix.patch 
Invalid file name ../file_with_bug -- skipping patch
address@hidden b]$ 

I suspect that the following commit might have introduced the issue:

commit ef609c26b22e5d6ea3c891e4c87ab1c679146f5f
Author: Andreas Gruenbacher <address@hidden>
Date:   Sat Feb 21 20:13:04 2015 +0100

    Follow directory symlinks within the working directory
    
    * src/safe.c (struct symlink): A symlink to resolve.
    (push_symlink, pop_symlink): New functions.
    (read_symlink): Create a new symlink stack entry.
    (traverse_next): Follow ".." components within the working
    directory. When hitting symlinks, "follow" them by reading and
    returning them. (traverse_another_path): Recursively traverse
    symlinks.


The error comes from:
+traverse_next()
[...]
+  if (**path == '.' && *(*path + 1) == '.' && *path + 2 == p)
+    {
+      entry = dir->parent;
+      if (! entry)
+       {
+         /* Must not leave the working tree. */
>+         errno = EXDEV;   <------------ HERE
+         goto out;
+       }
+      assert (dir->next == dir);
+      lru_list_add (dir, &lru_list);
+      goto skip;
+    }


The first attempt is with the above commit applied and the second one is
with the commit reverted.

address@hidden b]$ /home/fleitner/repo/patch/src/patch -p0 ../file_with_bug  
../fix.patch 
/home/fleitner/repo/patch/src/patch: **** Can't create temporary
file ../file_with_bug.osPpkQc : Invalid cross-device link

address@hidden b]$ /home/fleitner/repo/patch/src/patch -p0 ../file_with_bug  
../fix.patch
patching file ../file_with_bug
Hunk #1 FAILED at 4669.
1 out of 1 hunk FAILED -- saving rejects to file ../file_with_bug.rej
[...]

I haven't looked at the CVE but I presume it should forbid symlinks
outside of workdir, but what about regular files like above?

Thanks
fbl
reply via email to
[Prev in Thread] Current Thread [Next in Thread]