|
Lines 54-61
Link Here
|
| 54 |
? root->cvs_server : getenv ("CVS_SERVER")); |
54 |
? root->cvs_server : getenv ("CVS_SERVER")); |
| 55 |
int i = 0; |
55 |
int i = 0; |
| 56 |
/* This needs to fit "rsh", "-b", "-l", "USER", "host", |
56 |
/* This needs to fit "rsh", "-b", "-l", "USER", "host", |
| 57 |
"cmd (w/ args)", and NULL. We leave some room to grow. */ |
57 |
"--", "host", "cvs", "-R", "server", and NULL. |
| 58 |
char *rsh_argv[10]; |
58 |
We leave some room to grow. */ |
|
|
59 |
char *rsh_argv[16]; |
| 59 |
|
60 |
|
| 60 |
if (!cvs_rsh) |
61 |
if (!cvs_rsh) |
| 61 |
/* People sometimes suggest or assume that this should default |
62 |
/* People sometimes suggest or assume that this should default |
|
Lines 97-102
Link Here
|
| 97 |
rsh_argv[i++] = root->username; |
98 |
rsh_argv[i++] = root->username; |
| 98 |
} |
99 |
} |
| 99 |
|
100 |
|
|
|
101 |
/* Only non-option arguments from here. (CVE-2017-12836) */ |
| 102 |
rsh_argv[i++] = "--"; |
| 103 |
|
| 100 |
rsh_argv[i++] = root->hostname; |
104 |
rsh_argv[i++] = root->hostname; |
| 101 |
rsh_argv[i++] = cvs_server; |
105 |
rsh_argv[i++] = cvs_server; |
| 102 |
rsh_argv[i++] = "server"; |
106 |
rsh_argv[i++] = "server"; |
|
Lines 171-176
Link Here
|
| 171 |
*p++ = root->username; |
175 |
*p++ = root->username; |
| 172 |
} |
176 |
} |
| 173 |
|
177 |
|
|
|
178 |
*p++ = "--"; |
| 179 |
|
| 174 |
*p++ = root->hostname; |
180 |
*p++ = root->hostname; |
| 175 |
*p++ = command; |
181 |
*p++ = command; |
| 176 |
*p++ = NULL; |
182 |
*p++ = NULL; |
