From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.2 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id BAD9C1F518 for ; Tue, 28 May 2024 21:25:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org; s=selector1; t=1716931502; bh=m7dFebGEet/LUpyE3ij9BY4CSXPb4G6/GeGqcWIdE3I=; h=From:To:Subject:Date:From; b=f6/MtdRqQ8HflLUyptRq1dZspeNfsUL6SHVUld1aBUM9v/KpFoAt8yt9WCiQskvys gyyAMgwuPkGNS2izBbRvalmkeF6QpfT9nOMe1esXIh3F0Tusugu1do/EoaYaMOOH3r Z6K18WfTLk2IGLnszpXVPnGP/mhEQgVxTTQaOkh8= From: Eric Wong To: meta@public-inbox.org Subject: [PATCH] search: forbid getopt(3) switch injection in query Date: Tue, 28 May 2024 21:25:02 +0000 Message-ID: <20240528212502.4001299-1-e@80x24.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: Search queries may start with `-', confusing getopt(3) and Getopt::Long; so we use `--' to separate the query string from switches. Fortunately, this doesn't allow writes to on-disk Xapian DBs, but causes aborts on some searches or nonsensical results when using the optional external xap_helper processes. There's no risk of data leaks since the mset xap_helper endpoint only returns document IDs (unsigned integers), and not terms. The biggest danger is may run systems out of space if the system is configured to write out core dumps. --- lib/PublicInbox/Search.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/PublicInbox/Search.pm b/lib/PublicInbox/Search.pm index 25ef49c5..eb5e67ba 100644 --- a/lib/PublicInbox/Search.pm +++ b/lib/PublicInbox/Search.pm @@ -480,7 +480,7 @@ sub async_mset { my ($self, $qry_str, $opt, $cb, @args) = @_; if ($XHC) { # unconditionally retrieving pct + rank for now xdb($self); # populate {nshards} - my @margs = ($self->xh_args, xh_opt($self, $opt)); + my @margs = ($self->xh_args, xh_opt($self, $opt), '--'); my $ret = eval { my $rd = $XHC->mkreq(undef, 'mset', @margs, $qry_str); PublicInbox::XhcMset->maybe_new($rd, $self, $cb, @args);