[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#59817: [PATCH] Fix etags local command injection vulnerability
From: |
Eli Zaretskii |
Subject: |
bug#59817: [PATCH] Fix etags local command injection vulnerability |
Date: |
Tue, 06 Dec 2022 14:55:09 +0200 |
> Date: Tue, 6 Dec 2022 15:48:10 +0800
> From: lux <lx@shellcodes.org>
> Cc: Stefan Kangas <stefankangas@gmail.com>, 59817@debbugs.gnu.org
>
> @@ -1716,8 +1717,12 @@ process_file_name (char *file, language *lang)
> char *cmd1 = concat (compr->command, " \"", real_name);
> char *cmd = concat (cmd1, "\" > ", tmp_name);
> #else
> - char *cmd1 = concat (compr->command, " '", real_name);
> - char *cmd = concat (cmd1, "' > ", tmp_name);
> + char *new_real_name = escape_shell_arg_string (real_name);
> + char *new_tmp_name = escape_shell_arg_string (tmp_name);
> + char *cmd1 = concat (compr->command, " ", new_real_name);
> + char *cmd = concat (cmd1, " > ", new_tmp_name);
> + free (new_real_name);
> + free (new_tmp_name);
> #endif
The "MSDOS || DOS_NT" case also needs a small change:
> char *cmd = concat (cmd1, "\" > ", tmp_name);
This doesn't quote tmp_name; it should.
> +static char*
^^
There should be a space before "*".
> + if (*p == '\'')
> + {
> + new_str[i+1] = '\\';
> + new_str[i+2] = '\'';
> + new_str[i+3] = '\'';
> + i += 3;
I don't understand why you are adding ''\'' and not just \'. Wouldn't the
latter work for some reason?
Thanks.
- bug#59817: [PATCH] Fix etags local command injection vulnerability, lux, 2022/12/04
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Eli Zaretskii, 2022/12/04
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Stefan Kangas, 2022/12/04
- Message not available
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Eli Zaretskii, 2022/12/05
- bug#59817: [PATCH] Fix etags local command injection vulnerability, lux, 2022/12/06
- bug#59817: [PATCH] Fix etags local command injection vulnerability,
Eli Zaretskii <=
- bug#59817: [PATCH] Fix etags local command injection vulnerability, lux, 2022/12/06
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Eli Zaretskii, 2022/12/06
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Francesco Potortì, 2022/12/06
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Francesco Potortì, 2022/12/06
- bug#59817: [PATCH] Fix etags local command injection vulnerability, lux, 2022/12/06
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Eli Zaretskii, 2022/12/06
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Andreas Schwab, 2022/12/06
- bug#59817: [PATCH] Fix etags local command injection vulnerability, Eli Zaretskii, 2022/12/06
bug#59817: [PATCH] Fix etags local command injection vulnerability, lux, 2022/12/04