Lines 54-61
|
54 |
? root->cvs_server : getenv ("CVS_SERVER")); |
54 |
? root->cvs_server : getenv ("CVS_SERVER")); |
55 |
int i = 0; |
55 |
int i = 0; |
56 |
/* This needs to fit "rsh", "-b", "-l", "USER", "host", |
56 |
/* This needs to fit "rsh", "-b", "-l", "USER", "host", |
57 |
"cmd (w/ args)", and NULL. We leave some room to grow. */ |
57 |
"--", "host", "cvs", "-R", "server", and NULL. |
58 |
char *rsh_argv[10]; |
58 |
We leave some room to grow. */ |
|
|
59 |
char *rsh_argv[16]; |
59 |
|
60 |
|
60 |
if (!cvs_rsh) |
61 |
if (!cvs_rsh) |
61 |
/* People sometimes suggest or assume that this should default |
62 |
/* People sometimes suggest or assume that this should default |
Lines 97-102
|
97 |
rsh_argv[i++] = root->username; |
98 |
rsh_argv[i++] = root->username; |
98 |
} |
99 |
} |
99 |
|
100 |
|
|
|
101 |
/* Only non-option arguments from here. (CVE-2017-12836) */ |
102 |
rsh_argv[i++] = "--"; |
103 |
|
100 |
rsh_argv[i++] = root->hostname; |
104 |
rsh_argv[i++] = root->hostname; |
101 |
rsh_argv[i++] = cvs_server; |
105 |
rsh_argv[i++] = cvs_server; |
102 |
rsh_argv[i++] = "server"; |
106 |
rsh_argv[i++] = "server"; |
Lines 171-176
|
171 |
*p++ = root->username; |
175 |
*p++ = root->username; |
172 |
} |
176 |
} |
173 |
|
177 |
|
|
|
178 |
*p++ = "--"; |
179 |
|
174 |
*p++ = root->hostname; |
180 |
*p++ = root->hostname; |
175 |
*p++ = command; |
181 |
*p++ = command; |
176 |
*p++ = NULL; |
182 |
*p++ = NULL; |
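Review bot: The `"--"` added before `root->hostname` (new lines 102 and 178) only helps if the remote-shell program in `cvs_rsh` stops option parsing at `--`, which not every rsh-style client is guaranteed to do. A check made before either argument vector is built, such as `if (root->hostname[0] == '-')` followed by a fatal error, would reject an option-like hostname regardless of which client is configured. The second site at new line 178 lacks the `/* Only non-option arguments from here. (CVE-2017-12836) */` comment that the first one carries, so it should get the same comment. The array behind `p` is declared outside the visible lines, so confirm it has room for the extra element in the way `rsh_argv` was grown from 10 to 16. Both functions begin and end outside the hunks shown here.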