GNU bug report logs - #59544
[PATCH] Fixed lib-src/etags.c command execute vulnerability

Package: emacs;

Reported by: "lux" <lx <at> shellcodes.org>

Date: Thu, 24 Nov 2022 15:28:02 UTC

Severity: normal

Tags: patch, security

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

From: "lux" <lx <at> shellcodes.org>
To: "Stefan Kangas" <stefankangas <at> gmail.com>
Cc: 59544 <59544 <at> debbugs.gnu.org>, Eli Zaretskii <eliz <at> gnu.org>
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Fri, 25 Nov 2022 16:38:02 +0800
------------------ Original ------------------
From: "Stefan Kangas" <stefankangas <at> gmail.com>
Date: Fri, Nov 25, 2022 03:53 PM
To: "lux" <lx <at> shellcodes.org>
Cc: "Eli Zaretskii" <eliz <at> gnu.org>; "59544" <59544 <at> debbugs.gnu.org>
Subject: Re: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability


"lux" <lx <at> shellcodes.org> writes:

> I rewrote this code to not use system(1).

Thanks.

&gt; From d6bc71f8640efe7caa2657a75c5aa4d8b4f0532c Mon Sep 17 00:00:00 2001
&gt; From: lu4nx <lx <at> shellcodes.org&gt;
&gt; Date: Fri, 25 Nov 2022 14:38:29 +0800
&gt; Subject: [PATCH] * Fixed lib-src/etags.c command execute vulnerability
&gt;
&gt; ---
&gt;&nbsp; lib-src/etags.c | 44 +++++++++++++++++++++++++++++++-------------
&gt;&nbsp; 1 file changed, 31 insertions(+), 13 deletions(-)
&gt;
&gt; diff --git a/lib-src/etags.c b/lib-src/etags.c
&gt; index f665f35fa6..1bb352f565 100644
&gt; --- a/lib-src/etags.c
&gt; +++ b/lib-src/etags.c
&gt; @@ -1387,9 +1387,11 @@ main (int argc, char **argv)
&gt;&nbsp;&nbsp;&nbsp; /* From here on, we are in (CTAGS &amp;&amp; !cxref_style) */
&gt;&nbsp;&nbsp;&nbsp; if (update)
&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {
&gt; -&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; char *cmd =
&gt; -	xmalloc (strlen (tagfile) + whatlen_max +
&gt; -		 sizeof "mv..OTAGS;grep -Fv '\t\t' OTAGS &gt;;rm OTAGS");
&gt; +&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; FILE *otags_f, *tag_f;
&gt; +&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; int buf_len;
&gt; +&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; char *buf;
&gt; +&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; char line[512];
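
Review bot: The fixed "char line[512];" at the end of the added declarations caps the line length of the in-process filter that replaces "grep -Fv". If the rest of the hunk reads the old tags file with fgets into this buffer, a tag line longer than 511 bytes comes back in several pieces and the match is applied to each piece on its own, so the piece holding the file name is dropped while the rest of the same line is still written out. Read into a buffer that grows until the newline is seen instead. Separately, if "int buf_len;" holds the size that the removed code computed from "strlen (tagfile) + whatlen_max", it should be a size_t (or ptrdiff_t) rather than an int.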

> Hmm, I'm not sure about the hard-coded 512 character line limit here.
> ISTR that some people use much longer lines than that.

Hi, do you have any suggestions? At present, I think hardcoding 512 is enough, thanks :-)
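
The in-process replacement for the shell command discussed in this thread, as an added example that is not part of the patch or of etags.c: it drops every line containing a tab-delimited file name, which is what the "grep -Fv '\t\t'" sizing string in the removed lines suggests the old command did, and it reads lines of any length rather than through a fixed 512-byte buffer. The names read_line, filter_tags and demo, the sample tag lines and the file paths are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one line of any length, growing *buf. 1 = line, 0 = EOF, -1 = no memory. */
static int read_line(FILE *in, char **buf, size_t *cap)
{
    size_t len = 0;
    if (*buf == NULL && (*buf = malloc(*cap = 128)) == NULL) return -1;
    while (fgets(*buf + len, (int)(*cap - len), in) != NULL) {
        len += strlen(*buf + len);
        if ((len > 0 && (*buf)[len - 1] == '\n') || len + 1 < *cap) return 1;
        char *p = realloc(*buf, *cap *= 2);  /* buffer full: line continues */
        if (p == NULL) return -1;
        *buf = p;
    }
    return len > 0;
}

/* Copy src to dst minus lines containing "\t<name>\t", no shell. Lines kept, or -1. */
long filter_tags(const char *src, const char *dst, const char *name)
{
    FILE *in = fopen(src, "r"), *out = in ? fopen(dst, "w") : NULL;
    char *line = NULL, *needle = malloc(strlen(name) + 3);
    size_t cap = 0;
    long kept = 0, rc = -1;
    if (in && out && needle) {
        sprintf(needle, "\t%s\t", name);  /* name is only ever data here */
        while ((rc = read_line(in, &line, &cap)) == 1) {
            if (strstr(line, needle) != NULL) continue;  /* matching line: drop */
            if (fputs(line, out) == EOF) { rc = -1; break; }
            kept++;
        }
    }
    if (in) fclose(in);
    if (out && fclose(out) != 0) rc = -1;
    free(line); free(needle);
    return rc == 0 ? kept : -1;
}

/* Constructed sample: three tag lines, the second far longer than 512 bytes. */
long demo(const char *src, const char *dst)
{
    FILE *f = fopen(src, "w");
    if (f == NULL) return -1;
    fprintf(f, "main\tetags.c\t/^main (/\nlong_tag\tbig.c\t/^%02000d/\nhelper\tutil.c\t/^helper (/\n", 0);
    fclose(f);
    return filter_tags(src, dst, "big.c");
}
```

Because the file name only ever reaches strstr as data, shell metacharacters in it have no effect, and the long line is removed whole instead of in 511-byte pieces.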
This bug report was last modified 2 years and 129 days ago.
