GNU bug report logs - #59544
[PATCH] Fixed lib-src/etags.c command execute vulnerability

Previous Next

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: lux <lx <at> shellcodes.org>
Cc: 59544 <at> debbugs.gnu.org, stefankangas <at> gmail.com
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Sat, 26 Nov 2022 14:28:22 +0200

> Date: Sat, 26 Nov 2022 18:41:22 +0800
> Cc: 59544 <at> debbugs.gnu.org
> From: lux <lx <at> shellcodes.org>
> 
> > We've lived with this "security issue" for decades, so I see nothing here that justifies
> > "ASAP".
> Maybe someone found it, but didn't publish it?

Fixing it will not magically remove the problem from all the Emacs
installations out there, will it?  It will only help to people who track the
master branch and rebuild Emacs very frequently on top of that.

So the urgency of fixing it is not measured in hours anyway.

> for example, the lib-src/ntlib.c:
> 
> char *
> cuserid (char * s)
> {
>    char * name = getlogin ();
>    if (s)
>      return strcpy (s, name ? name : "");
>    return name;
> }
> 
> before calling the strcpy function, the memory size of the pointer s is 
> not checked, which may destroy the memory space. So, I want to replace 
> it with a safe function, any suggestions?

The above function doesn't seem to be called anywhere in Emacs, so making it
better is a waste of energy.  It should probably be removed.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.