|
From: | GNU bug Tracking System |
Subject: | bug#59544: closed ([PATCH] Fixed lib-src/etags.c command execute vulnerability) |
Date: | Sun, 27 Nov 2022 18:08:02 +0000 |
Your message dated Sun, 27 Nov 2022 20:07:54 +0200 with message-id <83edtop8xx.fsf@gnu.org> and subject line Re: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability has caused the debbugs.gnu.org bug report #59544, regarding [PATCH] Fixed lib-src/etags.c command execute vulnerability to be marked as done. (If you believe you have received this mail in error, please contact help-debbugs@gnu.org.) -- 59544: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59544 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems
--- Begin Message ---Subject: [PATCH] Fixed lib-src/etags.c command execute vulnerability Hi, In ctags (Emacs <= 28.2.50) has a command execute vulnerability. Date: Thu, 24 Nov 2022 23:27:13 +0800 When using the -u parameter, ctags will execute external shell commands by calling the system() function, if there are special file names, unexpected shell commands may be executed. The example is as follows:$ lsetags.c$ /usr/local/bin/ctags *.c$ touch "'| uname -a #.c"$ /usr/local/bin/ctags -u *.cLinux mypc 6.0.8-300.fc37.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 11 15:09:04 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux^C/usr/local/bin/ctags: failed to execute shell commandThe vulnerability occurs in the following code:char *z = stpcpy (cmd, "mv ");z = stpcpy (z, tagfile);z = stpcpy (z, " OTAGS;grep -Fv '\t");z = stpcpy (z, argbuffer[i].what);z = stpcpy (z, "\t' OTAGS >");z = stpcpy (z, tagfile);strcpy (z, ";rm OTAGS");if (system (cmd) != EXIT_SUCCESS)fatal ("failed to execute shell command");Because the file name is not checked, the file name is used as a concatenated string:mv tags OTAGS;grep -Fv ' '| uname -a #.c ' OTAGS >tags;rm OTAGSEmail attachments are patches.0001-lib-src-etags.c-Fix-ctags-command-execute-vulnerabil.patch
Description: Binary data
--- End Message ---
--- Begin Message ---Subject: Re: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability Date: Sun, 27 Nov 2022 20:07:54 +0200 > Date: Sun, 27 Nov 2022 23:44:07 +0800 > From: lux <lx@shellcodes.org> > > On Sun, 27 Nov 2022 16:15:38 +0200 > Eli Zaretskii <eliz@gnu.org> wrote: > > > But something is wrong with the 2 new tests: they fail. I replaced > > the "good" files with the ones I get on my system, but the test fails > > on another system. Could you please look into the test failures and > > find a fix? > > Hi, I think because the order of the tag data of the files generated by > different OS environments is different. > > I sorted the file using the sort command, test ok. > > ctags_update: CTAGS.good_update ${infiles} > head -n 100 CTAGS.good_update > CTAGS > tail -n 100 CTAGS.good_update >> CTAGS > ${RUN} ${CTAGS_PROG} -o CTAGS -u ${ARGS} > diff -u --suppress-common-lines --width=80 <(sort > CTAGS.good_update) <(sort CTAGS) > > cp crlf CTAGS > ${RUN} ${CTAGS_PROG} -o CTAGS -u ${ARGS} > diff -u --suppress-common-lines --width=80 <(sort > CTAGS.good_crlf) <(sort CTAGS) Thanks, I installed a variant of this using more portable commands. And with that, I'm closing this bug.
--- End Message ---
[Prev in Thread] | Current Thread | [Next in Thread] |