From: Stefan Kangas
Newsgroups: gmane.emacs.bugs
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Fri, 25 Nov 2022 16:43:40 -0800
References: <837czkw7sl.fsf@gnu.org> <8335a8w643.fsf@gnu.org> <83fse7ut10.fsf@gnu.org>
To: lux, Eli Zaretskii
Cc: 59544 <59544@debbugs.gnu.org>
X-GNU-PR-Message: followup 59544
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security patch
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"

"lux" writes:

> + FILE *otags_f = fopen ("OTAGS", "wb");
> + FILE *tag_f = fopen (tagfile, "rb");
> +
> + if (otags_f == NULL)
> + pfatal ("OTAGS");
^^
Two spurious spaces here.

Other than that, LGTM.
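
Review bot: The quoted lines check only otags_f for NULL; tag_f from fopen (tagfile, "rb") is opened before that check and no test of it is visible here. If the unquoted remainder of the hunk does not already have one, add `if (tag_f == NULL) pfatal (tagfile);` before the first read from tag_f. Separately, fopen ("OTAGS", "wb") truncates whatever already exists under that fixed name in the working directory, so a one-line comment stating that overwriting OTAGS is intended would help the next reader.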