From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Sat, 26 Nov 2022 14:28:22 +0200
Message-ID: <835yf1ucgp.fsf@gnu.org>
References: <837czkw7sl.fsf@gnu.org> <8335a8w643.fsf@gnu.org> <83fse7ut10.fsf@gnu.org> <83cz9at42n.fsf@gnu.org>
To: lux
Cc: 59544@debbugs.gnu.org, stefankangas@gmail.com
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security patch
In-Reply-To: (message from lux on Sat, 26 Nov 2022 18:41:22 +0800)
Xref: news.gmane.io gmane.emacs.bugs:249076

> Date: Sat, 26 Nov 2022 18:41:22 +0800
> Cc: 59544@debbugs.gnu.org
> From: lux
>
> > We've lived with this "security issue" for decades, so I see nothing here that justifies
> > "ASAP".
>
> Maybe someone found it, but didn't publish it?

Fixing it will not magically remove the problem from all the Emacs
installations out there, will it?  It will only help people who track
the master branch and rebuild Emacs very frequently on top of that.  So
the urgency of fixing it is not measured in hours anyway.

> for example, in lib-src/ntlib.c:
>
> char *
> cuserid (char * s)
> {
>   char * name = getlogin ();
>   if (s)
>     return strcpy (s, name ? name : "");
>   return name;
> }
>
> before calling the strcpy function, the memory size of the pointer s is
> not checked, which may destroy the memory space. So, I want to replace
> it with a safe function, any suggestions?

The above function doesn't seem to be called anywhere in Emacs, so
making it better is a waste of energy.  It should probably be removed.
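A bounded replacement for the cuserid() quoted above, as an added example rather than Emacs's own code: copy_login_name and cuserid_bounded are hypothetical names, and the explicit size parameter is the assumption that makes the missing check possible (the original interface takes only the pointer, so it cannot know the buffer's size).

```c
/* Added example (not Emacs code): a bounded replacement for the
   cuserid() quoted in the thread.  The original copies getlogin()'s
   result into the caller's buffer with strcpy() and no size, so a
   login name longer than the buffer is written past its end.  Adding
   an explicit size parameter (an assumption here) makes the check
   possible. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Copy NAME (a login name, or NULL when unknown) into DST, which holds
   DSTSIZE bytes.  Returns 0 on success; -1 if DST is too small for NAME
   plus its terminating NUL (or DSTSIZE is 0).  On failure DST is left
   as an empty string when there is room for one, so the caller never
   sees an unterminated buffer.  Kept free of getlogin() so it can be
   exercised with constructed names. */
int
copy_login_name (char *dst, size_t dstsize, const char *name)
{
  if (dst == NULL || dstsize == 0)
    return -1;
  if (name == NULL)
    name = "";
  size_t len = strlen (name);
  if (len >= dstsize)        /* no room for NAME plus the NUL */
    {
      dst[0] = '\0';
      return -1;
    }
  memcpy (dst, name, len + 1);
  return 0;
}

/* Hypothetical bounded cuserid: same shape as the original plus a
   size.  With S == NULL it returns getlogin()'s result without copying,
   as the original does; an oversize name is reported with NULL instead
   of being written past the end of S. */
char *
cuserid_bounded (char *s, size_t size)
{
  char *name = getlogin ();
  if (s == NULL)
    return name;
  return copy_login_name (s, size, name) == 0 ? s : NULL;
}
```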