[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #61424] [libgroff] directory traversal in .fp request
From: |
G. Branden Robinson |
Subject: |
[bug #61424] [libgroff] directory traversal in .fp request |
Date: |
Sun, 7 Nov 2021 03:06:57 -0500 (EST) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 |
Update of bug #61424 (project groff):
Status: In Progress => Fixed
Open/Closed: Open => Closed
Planned Release: None => 1.23.0
_______________________________________________________
Follow-up Comment #3:
commit a891161bc94c7b6a6a3572cc82f31e5029078d7b
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date: Sun Nov 7 10:31:02 2021 +1100
[libgroff]: Fix Savannah #61424.
* src/libs/libgroff/fontfile.cpp (font::open_file): Don't open
user-specified font file names with slashes in them; i.e., don't
traverse directories outside the configured font path. Also refuse to
open the file if the `sprintf()` used to construct its file name
doesn't write the expected quantity of bytes to the destination
buffer.
Fixes <https://savannah.gnu.org/bugs/?61424>. Thanks to Ingo Schwarze
for feedback.
commit 52f396189a4a9dd1294b16c6f84fcd47e4359221
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date: Sun Nov 7 02:43:53 2021 +1100
[libgroff]: Regression-test Savannah #61424.
* src/roff/groff/tests/fp_should_not_traverse_directories.sh: Do it.
* src/roff/groff/tests/artifacts/HONEYPOT: Add test artifact.
* src/roff/groff/tests/artifacts/devascii/README: ...and this; we need
an empty directory to make the test work but such things tend to look
unintentional.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?61424>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/