testing/nvi: new aport

Including a subset of the debian patchset.

1 files changed, 58 insertions, 0 deletions

diff --git a/testing/nvi/21exrc_writability_check.patch b/testing/nvi/21exrc_writability_check.patch
new file mode 100644
index 0000000000..e310931c05
--- /dev/null
+++ b/testing/nvi/21exrc_writability_check.patch
@@ -0,0 +1,58 @@
+From: <hesso@pool.math.tu-berlin.de>
+Subject: No description.
+
+diff -Naur nvi-1.81.6.orig/ex/ex_init.c nvi-1.81.6/ex/ex_init.c
+--- nvi-1.81.6.orig/ex/ex_init.c	2007-11-18 17:41:42.000000000 +0100
++++ nvi-1.81.6/ex/ex_init.c	2008-05-01 18:24:45.000000000 +0200
+@@ -26,6 +26,9 @@
+ #include <string.h>
+ #include <unistd.h>
+ 
++#include <pwd.h>
++#include <grp.h>
++
+ #include "../common/common.h"
+ #include "tag.h"
+ #include "pathnames.h"
+@@ -346,6 +349,9 @@
+ 	int nf1, nf2;
+ 	char *a, *b, buf[MAXPATHLEN];
+ 
++	struct group *grp_p;
++	struct passwd *pwd_p;
++
+ 	/* Check for the file's existence. */
+ 	if (stat(path, sbp))
+ 		return (NOEXIST);
+@@ -359,10 +365,30 @@
+ 	}
+ 
+ 	/* Check writeability. */
+-	if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
++	if (sbp->st_mode & S_IWOTH) {
+ 		etype = WRITER;
+ 		goto denied;
+ 	}
++	if (sbp->st_mode & S_IWGRP) {
++		/* on system error (getgrgid or getpwnam return NULL) set etype to WRITER
++		 * and continue execution */
++		if( (grp_p = getgrgid(sbp->st_gid)) == NULL) {
++			etype = WRITER;
++			goto denied;
++		}
++
++		/* lookup the group members' uids for an uid different from euid */
++		while( ( *(grp_p->gr_mem) ) != NULL) { /* gr_mem is a null-terminated array */
++			if( (pwd_p = getpwnam(*(grp_p->gr_mem)++)) == NULL) {
++				etype = WRITER;
++				goto denied;
++			}
++			if(pwd_p->pw_uid != euid) {
++				etype = WRITER;
++				goto denied;
++			}
++		}
++	}
+ 	return (RCOK);
+ 
+ denied:	a = msg_print(sp, path, &nf1);