[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
|
From: |
Eli Zaretskii |
|
Subject: |
bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability |
|
Date: |
Sat, 26 Nov 2022 14:28:22 +0200 |
> Date: Sat, 26 Nov 2022 18:41:22 +0800
> Cc: 59544@debbugs.gnu.org
> From: lux <lx@shellcodes.org>
>
> > We've lived with this "security issue" for decades, so I see nothing here
> > that justifies
> > "ASAP".
> Maybe someone found it, but didn't publish it?
Fixing it will not magically remove the problem from all the Emacs
installations out there, will it? It will only help to people who track the
master branch and rebuild Emacs very frequently on top of that.
So the urgency of fixing it is not measured in hours anyway.
> for example, the lib-src/ntlib.c:
>
> char *
> cuserid (char * s)
> {
> char * name = getlogin ();
> if (s)
> return strcpy (s, name ? name : "");
> return name;
> }
>
> before calling the strcpy function, the memory size of the pointer s is
> not checked, which may destroy the memory space. So, I want to replace
> it with a safe function, any suggestions?
The above function doesn't seem to be called anywhere in Emacs, so making it
better is a waste of energy. It should probably be removed.
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, (continued)
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/25
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, lux, 2022/11/25
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Stefan Kangas, 2022/11/25
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, lux, 2022/11/25
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, lux, 2022/11/25
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Stefan Kangas, 2022/11/26
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/26
- Message not available
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability,
Eli Zaretskii <=
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Stefan Kangas, 2022/11/26
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/26
- Message not available
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/26
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/26
- Message not available
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/26
- Message not available
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/26
- Message not available
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/26
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, lux, 2022/11/26
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, lux, 2022/11/27
- bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability, Eli Zaretskii, 2022/11/27