GNU bug report logs - #59544
[PATCH] Fixed lib-src/etags.c command execute vulnerability


Package: emacs

Reported by: "lux" <lx <at> shellcodes.org>

Date: Thu, 24 Nov 2022 15:28:02 UTC

Severity: normal

Tags: patch, security

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.


From: Eli Zaretskii <eliz <at> gnu.org>
To: "lux" <lx <at> shellcodes.org>
Cc: 59544 <at> debbugs.gnu.org, stefankangas <at> gmail.com
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Fri, 25 Nov 2022 14:18:19 +0200
> From: "lux" <lx <at> shellcodes.org>
> Cc: "59544" <59544 <at> debbugs.gnu.org>
> Date: Fri, 25 Nov 2022 14:41:56 +0800
> 
> > That's a possibility, yes.  Although I doubt that people are still using
> > ctags that comes with Emacs (this code fragment runs only in ctags, not in
> > etags).
> 
> I rewrote this code to not use system(1).

Thanks.  I have a few comments:

> +
> +          otags_f = fopen ("OTAGS", "w");
> +          tag_f = fopen (tagfile, "r");
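
Review bot: Neither fopen result is checked in the lines quoted here, so a failed open would hand a NULL stream to whatever uses otags_f and tag_f next. Test both return values right after the calls and report the failing file name before either stream is used. The output name "OTAGS" is also a fixed name in the current directory opened with "w", so an existing file of that name is truncated without notice.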

Please use "rb" and "wb" in these fopen calls, so as not to change the EOL
format of the original file.

> +          rename ("OTAGS", tagfile);
> +          unlink ("OTAGS");
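
Review bot: The return value of rename ("OTAGS", tagfile) is ignored and unlink ("OTAGS") runs unconditionally. After a successful rename the name OTAGS no longer exists, so the unlink can only fail; after a failed rename it removes the output that was just written. Check the rename result, report a failure with the errno text, and drop the unlink call.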

We should not delete the original file if 'rename' fails; instead, we should
emit a warning and leave OTAGS alone, so that the user could manually rename it.

Can you add a test of this feature to test/manual/etags/Makefile?
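
The two review points above (binary-mode fopen so the EOL format is preserved, and keeping OTAGS when rename fails), as an added C example that is not part of the message or of the submitted patch. The function name rewrite_tags, its parameters, the return codes and the substring filter are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not the patch's code.  Copy the lines of SRC that do not
   contain SKIP (an assumed filter) into TMP, then rename TMP to DEST.
   Returns 0 on success, -1 if the copy failed (TMP is removed), -2 if only
   the rename failed (TMP is kept so it can be renamed by hand).  */
int rewrite_tags (const char *src, const char *tmp, const char *dest,
                  const char *skip)
{
  FILE *in = fopen (src, "rb");        /* binary mode: CRLF stays CRLF */
  FILE *out = in ? fopen (tmp, "wb") : NULL;
  char *line = NULL;
  size_t cap = 0, len = 0;
  int c = 0, bad = (out == NULL);
  while (!bad && c != EOF) {
    c = fgetc (in);
    if (c != EOF) {
      if (len + 2 > cap) {             /* room for this byte and the NUL */
        char *p = realloc (line, cap = cap ? 2 * cap : 256);
        if (!p) { bad = 1; break; }
        line = p;
      }
      line[len++] = (char) c;
    }
    if ((c == '\n' || c == EOF) && len > 0) {   /* one complete line */
      line[len] = '\0';
      if (!strstr (line, skip) && fwrite (line, 1, len, out) != len)
        bad = 1;
      len = 0;
    }
  }
  if (in) { bad |= ferror (in) != 0; fclose (in); }
  if (out && fclose (out) != 0) bad = 1;   /* flush errors show up here */
  free (line);
  if (bad) {
    if (out) remove (tmp);             /* incomplete output is useless */
    return -1;
  }
  if (rename (tmp, dest) != 0) {       /* warn and leave TMP in place */
    fprintf (stderr, "cannot rename %s to %s: %s; output kept in %s\n",
             tmp, dest, strerror (errno), tmp);
    return -2;
  }
  return 0;
}
```

In the update case SRC and DEST are the same tags file; they are separate parameters here only so the rename-failure path can be exercised.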




This bug report was last modified 2 years and 129 days ago.
