import ctags-5.8-23.el8

This commit is contained in:
CentOS Sources 2023-03-28 10:06:02 +00:00 committed by root
parent fb71ec2c09
commit 3c370ff357
2 changed files with 159 additions and 1 deletions

View File

@ -0,0 +1,152 @@
commit 2b7cd725d0612f13eb5a461778ca525cd489119b
Author: Masatake YAMATO <yamato@redhat.com>
Date: Tue Dec 13 05:16:00 2022 +0900
main: quote output file name before passing it to system(3) function
Following command line doesn't work:
$ ctags -o 'a b' ...
because a shell lauched from system(3) deals a whitespace between 'a'
and 'b' as a separator. The output file name is passed to system(3)
to run external sort command.
This commit adds code to put double and single quoets around the output
file name before passing it to system(3).
The issue is reported by Lorenz Hipp <lhipp@idealbonn.de> in a private mail.
This commit is based on e00c55d7a0204dc1d0ae316141323959e1e16162 of
Universal Ctags <https://github.com/universal-ctags/ctags>.
An example session of RHEL8:
[yamato@control]/tmp/ctags-5.8% git clone ssh://git@gitlab.consulting.redhat.com:2222/yamato/temp-test.git
Cloning into 'temp-test'...
Enter passphrase for key '/home/yamato/.ssh/id_rsa':
remote: Enumerating objects: 4, done.
remote: Counting objects: 100% (4/4), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 4 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (4/4), done.
[yamato@control]/tmp/ctags-5.8% cd temp-test
[yamato@control]/tmp/ctags-5.8/temp-test% ls -l ~/.ctags
ls: cannot access '/home/yamato/.ctags': No such file or directory
[yamato@control]/tmp/ctags-5.8/temp-test% ../ctags hello.c
[yamato@control]/tmp/ctags-5.8/temp-test% ls
hello.c 'tags tags; echo Hi $(id -un), your systems is cracked!'
[yamato@control]/tmp/ctags-5.8/temp-test% valgrind ../ctags hello.c
==2076943== Memcheck, a memory error detector
==2076943== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2076943== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==2076943== Command: ../ctags hello.c
==2076943==
==2076943==
==2076943== HEAP SUMMARY:
==2076943== in use at exit: 0 bytes in 0 blocks
==2076943== total heap usage: 5,048 allocs, 5,048 frees, 365,311 bytes allocated
==2076943==
==2076943== All heap blocks were freed -- no leaks are possible
==2076943==
==2076943== For lists of detected and suppressed errors, rerun with: -s
==2076943== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
diff --git a/sort.c b/sort.c
index 09ba87a..fd60a94 100644
--- a/sort.c
+++ b/sort.c
@@ -53,17 +53,44 @@ extern void catFile (const char *const name)
# define PE_CONST const
#endif
+/*
+ Output file name should not be evaluated in system(3) function.
+ The name must be used as is. Quotations are required to block the
+ evaluation.
+
+ Normal single-quotes are used to quote a cstring:
+ a => 'a'
+ " => '"'
+
+ If a single-quote is included in the cstring, use double quotes for quoting it.
+ ' => ''"'"''
+*/
+static void appendCstringWithQuotes (vString *dest, const char* cstr)
+{
+ const char* o;
+
+ vStringPut (dest, '\'');
+ for (o = cstr; *o; o++)
+ {
+ if (*o == '\'')
+ vStringCatS (dest, "'\"'\"'");
+ else
+ vStringPut (dest, *o);
+ }
+ vStringPut (dest, '\'');
+}
+
extern void externalSortTags (const boolean toStdout)
{
const char *const sortNormalCommand = "sort -u -o";
const char *const sortFoldedCommand = "sort -u -f -o";
const char *sortCommand =
Option.sorted == SO_FOLDSORTED ? sortFoldedCommand : sortNormalCommand;
+# ifndef HAVE_SETENV
PE_CONST char *const sortOrder1 = "LC_COLLATE=C";
PE_CONST char *const sortOrder2 = "LC_ALL=C";
- const size_t length = 4 + strlen (sortOrder1) + strlen (sortOrder2) +
- strlen (sortCommand) + (2 * strlen (tagFileName ()));
- char *const cmd = (char *) malloc (length + 1);
+# endif
+ vString *cmd = vStringNew ();
int ret = -1;
if (cmd != NULL)
@@ -73,20 +100,35 @@ extern void externalSortTags (const boolean toStdout)
#ifdef HAVE_SETENV
setenv ("LC_COLLATE", "C", 1);
setenv ("LC_ALL", "C", 1);
- sprintf (cmd, "%s %s %s", sortCommand, tagFileName (), tagFileName ());
+ vStringCatS (cmd, sortCommand);
+ vStringPut (cmd, ' ');
+ appendCstringWithQuotes (cmd, tagFileName ());
+ vStringPut (cmd, ' ');
+ appendCstringWithQuotes (cmd, tagFileName ());
#else
# ifdef HAVE_PUTENV
putenv (sortOrder1);
putenv (sortOrder2);
- sprintf (cmd, "%s %s %s", sortCommand, tagFileName (), tagFileName ());
+ vStringCatS (cmd, sortCommand);
+ vStringPut (cmd, ' ');
+ appendCstringWithQuotes (cmd, tagFileName ());
+ vStringPut (cmd, ' ');
+ appendCstringWithQuotes (cmd, tagFileName ());
# else
- sprintf (cmd, "%s %s %s %s %s", sortOrder1, sortOrder2, sortCommand,
- tagFileName (), tagFileName ());
+ vStringCatS (cmd, sortOrder1);
+ vStringPut (cmd, ' ');
+ vStringCatS (cmd, sortOrder2);
+ vStringPut (cmd, ' ');
+ vStringCatS (cmd, sortCommand);
+ vStringPut (cmd, ' ');
+ appendCstringWithQuotes (cmd, tagFileName ());
+ vStringPut (cmd, ' ');
+ appendCstringWithQuotes (cmd, tagFileName ());
# endif
#endif
- verbose ("system (\"%s\")\n", cmd);
- ret = system (cmd);
- free (cmd);
+ verbose ("system (\"%s\")\n", vStringValue (cmd));
+ ret = system (vStringValue (cmd));
+ vStringDelete (cmd);
}
if (ret != 0)

View File

@ -1,7 +1,7 @@
Summary: A C programming language indexing and/or cross-reference tool
Name: ctags
Version: 5.8
Release: 22%{?dist}
Release: 23%{?dist}
License: GPLv2+ and LGPLv2+ and Public Domain
Group: Development/Tools
URL: http://ctags.sourceforge.net/
@ -14,6 +14,7 @@ Patch4: ctags-5.8-cssparse.patch
Patch5: ctags-5.8-memmove.patch
Patch6: ctags-5.8-format-security.patch
Patch7: ctags-CVE-2014-7204.patch
Patch8: ctags-CVE-2022-4515.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
@ -55,6 +56,7 @@ Note: some command line options is not compatible with GNU etags.
%patch5 -p1 -b .memmove
%patch6 -p1 -b .fmt-sec
%patch7 -p1 -b .CVE-2014-7204
%patch8 -p1 -b .CVE-2022-4515
%build
%configure
@ -98,6 +100,10 @@ rm -rf %{buildroot}
%{_mandir}/man1/etags.%{name}.1*
%changelog
* Thu Dec 15 2022 Felipe Borges <feborges@redhat.com> - 5.8-23
- CVE-2022-4515, arbitrary code execution issue
Resolves: rhbz#2153787
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.8-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild