bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
From: Eli Zaretskii
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Fri, 25 Nov 2022 14:18:19 +0200
> From: "lux" <lx@shellcodes.org>
> Cc: "59544" <59544@debbugs.gnu.org>
> Date: Fri, 25 Nov 2022 14:41:56 +0800
>
> > That's a possibility, yes. Although I doubt that people are still using
> > ctags that comes with Emacs (this code fragment runs only in ctags, not in
> > etags).
>
> I rewrote this code to not use system(1).
Thanks. I have a few comments:
> +
> + otags_f = fopen ("OTAGS", "w");
> + tag_f = fopen (tagfile, "r");
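Review bot: neither fopen result on these two lines is checked in the quoted fragment, so if "OTAGS" cannot be created or tagfile cannot be opened, any later use of otags_f or tag_f goes through a null FILE pointer. Test both for NULL and report the failure, closing whichever stream did open, before reading or writing. Also note that "OTAGS" is a fixed name opened with "w", so an existing file of that name in the working directory is truncated.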
Please use "rb" and "wb" in these fopen calls, so as not to change the EOL
format of the original file.
> + rename ("OTAGS", tagfile);
> + unlink ("OTAGS");
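Review bot: the return value of rename on the first line is discarded and the unlink on the second line is unconditional. After a successful rename the name "OTAGS" no longer exists, so the unlink can only take effect when rename has failed, which is the one case where "OTAGS" is the file that was just written and still needed. Test the result of rename, report errno on failure, and drop the unlink.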
We should not delete the original file if 'rename' fails; instead, we should
emit a warning and leave OTAGS alone, so that the user could manually rename it.
Can you add a test of this feature to test/manual/etags/Makefile?
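
One way to satisfy both review comments above, as an added example that is not part of this message or of the Emacs sources. The helper name filter_replace, its parameters and the substring filter are hypothetical; the point is the binary-mode copy and the checked rename that leaves the temporary file in place on failure.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy PATH to TMP without the lines that contain
   NEEDLE, then move TMP over PATH.  Returns 0 on success, -1 on error.  */
int
filter_replace (const char *path, const char *tmp, const char *needle)
{
  FILE *in = fopen (path, "rb");   /* binary: CR LF bytes pass through */
  if (!in)
    return -1;
  FILE *out = fopen (tmp, "wb");
  if (!out)
    {
      fclose (in);
      return -1;
    }

  char line[4096];  /* assumption: longer lines are tested in pieces */
  while (fgets (line, sizeof line, in))
    if (!strstr (line, needle))
      fputs (line, out);

  int failed = ferror (in) || ferror (out);
  fclose (in);
  if (fclose (out) != 0)
    failed = 1;
  if (failed)
    {
      remove (tmp);  /* incomplete copy; PATH has not been touched */
      return -1;
    }

  if (rename (tmp, path) != 0)
    {
      /* Keep TMP so the user can rename it by hand.  */
      fprintf (stderr, "warning: cannot rename %s to %s: %s\n",
               tmp, path, strerror (errno));
      return -1;
    }
  return 0;
}
```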