bug-groff

From: G. Branden Robinson
Subject: [bug #55557] [PATCH] gropdf, gpinyin, gperl, glilypond, hyphenex can execute arbitrary commands
Date: Tue, 5 Jan 2021 22:17:42 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Update of bug #55557 (project groff):

                Category:           Device gropdf => None                   
                  Status:               Confirmed => Fixed                  
             Assigned to:                    deri => gbranden               
             Open/Closed:                    Open => Closed                 
         Planned Release:                    None => 1.23.0                 

    _______________________________________________________

Follow-up Comment #7:


commit bd37e19c1a69b553072c153dbae58ec6ff214297 (HEAD -> master,
origin/master, origin/HEAD)
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date:   Wed Jan 6 13:58:20 2021 +1100

    ChangeLog: Add entry for Savannah #55557 fix.
    
    Fixes <https://savannah.gnu.org/bugs/?55557>.

commit 27472b5ae548d3dbe933713d488d676708996253
Author: Colin Watson <cjwatson@debian.org>
Date:   Thu Jan 24 13:39:06 2019 +0000

    Avoid Perl's unsafe "<>" operator.
    
    The "<>" operator is implemented using the two-argument form of "open",
    which interprets magic such as pipe characters, allowing execution of
    arbitrary commands which is unlikely to be expected.  Perl >= 5.22 has a
    "<<>>" operator which avoids this, but also forbids the use of "-" to
    mean the standard input, which is a facility that the affected groff
    programs document.
    
    ARGV::readonly would probably also fix this, but I fundamentally dislike
    the approach of escaping data in preparation for a language facility to
    unescape it, especially when the required escaping is as non-obvious as
    it is here.  (For the same reason, I prefer to use subprocess invocation
    facilities that allow passing the argument list as a list rather than as
    a string to be interpreted by the shell.)  So I've abandoned this
    dubious convenience and changed the affected programs to iterate over
    command-line arguments manually using the three-argument form of open.
    
    This change involves an extra level of indentation, so it's a little
    awkward to review.  It consists of changing this form:
    
      while (<>) {  # or foreach, which is similar but less efficient
        ...
      }
    
    ... into this:
    
      unshift @ARGV, '-' unless @ARGV;
      foreach my $filename (@ARGV) {
        my $input;
        if ($filename eq '-') {
          $input = \*STDIN;
        } elsif (not open $input, '<', $filename) {
          warn $!;
          next;
        }
        while (<$input>) {
          ...
        }
      }
    
    Local variation: glilypond doesn't need the initial unshift since
    that's already handled in contrib/glilypond/args.pl.
    
    Fixes: https://bugs.debian.org/920269
    
    [Commit automerged but altered by GBR to omit changes to gropdf, already
    handled by Deri James in 2fc912f0751320a1fba0094dded38e2df46d1dbe.]


    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?55557>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
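
The two loop forms from the commit message above, run side by side. This is an added example, not part of the original message or of groff's code; the scratch directory, the file names and the helper names `read_magic` and `read_literal` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed test data: a scratch directory holding one ordinary file and
# one file whose *name* ends in a pipe character.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!";
my $hostile = 'echo RAN-AS-COMMAND |';    # constructed, harmless name
for my $spec (['plain.txt', "plain contents\n"], [$hostile, "file contents\n"]) {
  open my $out, '>', $spec->[0] or die "create $spec->[0]: $!";
  print {$out} $spec->[1];
  close $out;
}

# Old form: "<>" opens each @ARGV entry with two-argument open, so a
# trailing "|" in a name is interpreted instead of being part of the name.
sub read_magic {
  local @ARGV = @_;
  my @lines;
  while (<>) { push @lines, $_ }
  return @lines;
}

# New form, following the commit message: three-argument open treats every
# name literally, and "-" is still accepted as standard input.
sub read_literal {
  my @names = @_ ? @_ : ('-');
  my @lines;
  foreach my $filename (@names) {
    my $input;
    if ($filename eq '-') {
      $input = \*STDIN;
    } elsif (not open $input, '<', $filename) {
      warn "$filename: $!\n";
      next;
    }
    while (<$input>) { push @lines, $_ }
    close $input unless $filename eq '-';
  }
  return @lines;
}

print "magic:   $_" for read_magic('plain.txt', $hostile);
print "literal: $_" for read_literal('plain.txt', $hostile);
```

With the old form the second name is executed and the loop reads the command's output; with the new form the same name is opened as the file that carries it.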



