From 6b7cc249ab3ce365f25de30d3e56a80405ec3fcd Mon Sep 17 00:00:00 2001
From: tobias
Date: Sun, 14 Dec 2014 09:12:59 +0000
Subject: [PATCH] Handle ed command "s" as a one line command, which it is. Prevents arbitrary ed command executions in following lines. ok millert
---
 usr.bin/patch/pch.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/usr.bin/patch/pch.c b/usr.bin/patch/pch.c
index 63f910ed5bc..6b45a8fb2c7 100644
--- a/usr.bin/patch/pch.c
+++ b/usr.bin/patch/pch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pch.c,v 1.49 2014/12/13 10:31:07 tobias Exp $ */
+/* $OpenBSD: pch.c,v 1.50 2014/12/14 09:12:59 tobias Exp $ */
 
 /*
 * patch - a program to apply diffs to original files
@@ -1398,10 +1398,10 @@ do_ed_script(void)
 ;
 /* POSIX defines allowed commands as {a,c,d,i,s} */
 if (isdigit((unsigned char)*buf) &&
- (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t == 's')) {
+ *t != '\0' && strchr("acdis", *t) != NULL) {
 if (pipefp != NULL)
 fputs(buf, pipefp);
- if (*t != 'd') {
+ if (*t != 'd' && *t != 's') {
 while (pgets(buf, sizeof buf, pfp) != NULL) {
 p_input_line++;
 if (pipefp != NULL)
-- 
2.20.1
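Review bot: In the do_ed_script hunk the acceptance test looks only at `*buf` and `*t`, so for an `s` line everything after the command letter is still written to the ed child by `fputs(buf, pipefp)` without any validation. Now that `s` is treated as a single-line command, its tail could be compared against the one fixed substitution form that `diff -e` is expected to generate (exact form to be confirmed against diff's output), and the script rejected when it differs. The changed inner test would also benefit from a comment stating the invariant, e.g. `/* d and s take no text block; only a, c and i are followed by input lines */`. do_ed_script starts and ends outside the hunk, so how `t` is positioned and where the inner loop terminates are not visible here.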