setop/pyenv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CVE-2022-35861: Fixed relative path traversal due to using version string in path (#2412)

Browse Source
This commit is contained in:
James Stronz 2022-07-16 15:01:04 -07:00 committed by GitHub
parent 0eba0a5bd5
commit 22fa683571
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libexec/pyenv-version-file-read
View File

@ -11,7 +11,14 @@ if [ -s "$VERSION_FILE" ]; then
IFS="${IFS}"$'\r' IFS="${IFS}"$'\r'
sep= sep=
while read -n 1024 -r version _ || [[ $version ]]; do while read -n 1024 -r version _ || [[ $version ]]; do
[[ -z $version || $version == \#* ]] && continue if [[ -z $version || $version == \#* ]]; then
# Skip empty lines and comments
continue
elif [ "$version" = ".." ] || [[ $version == */* ]]; then
# The version string is used to construct a path and we skip dubious values.
# This prevents issues such as path traversal (CVE-2022-35861).
continue
fi
printf "%s%s" "$sep" "$version" printf "%s%s" "$sep" "$version"
sep=: sep=:
done <"$VERSION_FILE" done <"$VERSION_FILE"

12
test/version-file-read.bats
View File

@ -82,3 +82,15 @@ IN
run pyenv-version-file-read my-version run pyenv-version-file-read my-version
assert_success "3.9.3:3.8.9:2.7.16" assert_success "3.9.3:3.8.9:2.7.16"
} }
@test "skips relative path traversal" {
cat > my-version <<IN
3.9.3
3.8.9
..
./*
2.7.16
IN
run pyenv-version-file-read my-version
assert_success "3.9.3:3.8.9:2.7.16"
}