GNU bug report logs - #61201
Installation hint crashes when user names contain at sign

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Tue, 31 Jan 2023 17:06:01 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Csepp <raingloom <at> riseup.net>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: bug-guix <at> gnu.org, 61201 <at> debbugs.gnu.org
Subject: Re: bug#61201: Installation hint crashes when user names contain at
 sign
Date: Fri, 24 Feb 2023 12:18:36 +0100

Ludovic Courtès <ludo <at> gnu.org> writes:

> Ludovic Courtès <ludovic.courtes <at> inria.fr> skribis:
>
>> A funny thing was reported earlier today on the Café Guix channel:
>>
>> $ guix install hello  [17:52]
>> building profile with 5 packages...
>> hint: Backtrace:
>
> [...]
>
>> In guix/ui.scm:
>>     312:5  6 (display-hint _ )
>>   1451:24  5 (texi->plain-text )
>> In texinfo.scm:
>>   1132:22  4 (parse )
>>    980:31  3 (loop #<input: string 2b6e5926be70> (fragment) _ _ )
>>    967:36  2 (loop #<input: string 2b6e5926be70> #f # ?)
>>      92:2  1 (command-spec )
>> In ice-9/boot-9.scm:
>>   1685:16  0 (raise-exception _ #:continuable? )
>>  
>> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
>> Throw to key #E1E1E1">parser-error' with args(#f "Unknown command" univ)'.
>
> Here’s one way to reproduce the bug, showing a crash in ‘display-hint’
> due to an unescaped brace:
>
> $ mkdir /tmp/x{ample
> $ touch /tmp/x{ample/guix.scm
> $ (cd '/tmp/x{ample' ; guix shell)
> guix shell: error: not loading '/tmp/x{ample/guix.scm' because not authorized to do so
> hint: Backtrace:
>           13 (primitive-load "/home/ludo/.config/guix/current/bin/guix")
> In guix/ui.scm:
>    2279:7 12 (run-guix . _)
>   2242:10 11 (run-guix-command _ . _)
> In ice-9/boot-9.scm:
>   1752:10 10 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
> In guix/scripts/shell.scm:
>    308:15  9 (_)
> In guix/ui.scm:
>     312:5  8 (display-hint _ _)
>   1451:24  7 (texi->plain-text _)
> In texinfo.scm:
>   1132:22  6 (parse _)
>    980:31  5 (loop #<input: string 7feb8b300d20> (*fragment*) _ _ _)
>    980:31  4 (loop #<input: string 7feb8b300d20> #f _ _ _)
>    911:31  3 (loop #<input: string 7feb8b300d20> #f #<procedure identity (x)> #f _)
>    746:27  2 (_ #<input: string 7feb8b300d20> #f (example smallexample verbatim lisp smalllisp menu w %) #<procedure 7feb9aea1948 at texin…> …)
> In sxml/ssax/input-parse.scm:
>      88:2  1 (next-token _ _ _ _)
> In ice-9/boot-9.scm:
>   1685:16  0 (raise-exception _ #:continuable? _)
>
> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
> Throw to key `parser-error' with args `(#<input: string 7feb8b300d20> "EOF while reading a token " "reading char data")'.
>
> Ludo’.

Would it be heresy to recommend that plain strings and strings that
contain texinfo markup be separate types to catch this sort of thing?
In 2023 it's pretty embarrassing to have bugs that are basically SQL
injections.
This bug report was last modified 2 years and 87 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.