[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
grep branch, master, updated. v3.7-86-g5e3d207
From: |
Paul Eggert |
Subject: |
grep branch, master, updated. v3.7-86-g5e3d207 |
Date: |
Tue, 31 May 2022 21:13:41 -0400 (EDT) |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "grep".
The branch, master has been updated
via 5e3d207d5b7dba28ca248475188a029570766bc1 (commit)
from d92292704950c9b937dc9de54d5eecd822dfc20f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/grep.git/commit/?id=5e3d207d5b7dba28ca248475188a029570766bc1
commit 5e3d207d5b7dba28ca248475188a029570766bc1
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon May 30 17:03:26 2022 -0700
grep: sanity-check GREP_COLOR
This patch closes a longstanding security issue with GREP_COLOR that I
just noticed, where if the attacker has control over GREP_COLOR's
settings the attacker can trash the victim's terminal or have 'grep'
generate misleading output. For example, without the patch
the shell command:
GREP_COLOR="$(printf '31m\33[2J\33[31')" grep --color=always PATTERN
mucks with the screen, leaving behind only the trailing part of
the last matching line. With the patch, this GREP_COLOR is ignored.
* src/grep.c (main): Sanity-check GREP_COLOR contents the same way
GREP_COLORS values are checked, to not trash the user's terminal.
This follows up the recent fix to Bug#55641.
diff --git a/NEWS b/NEWS
index 33658fc..0a18a9e 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,8 @@ GNU grep NEWS -*- outline
-*-
The confusing GREP_COLOR environment variable is now obsolescent.
Instead of GREP_COLOR='xxx', use GREP_COLORS='mt=xxx'. grep now
warns if GREP_COLOR is used and is not overridden by GREP_COLORS.
+ Also, grep now treates GREP_COLOR like GREP_COLORS by silently
+ ignoring it if it attempts to inject ANSI terminal escapes.
Regular expressions with stray backslashes now cause warnings, as
their unspecified behavior can lead to unexpected results.
diff --git a/src/grep.c b/src/grep.c
index edefac6..59d3431 100644
--- a/src/grep.c
+++ b/src/grep.c
@@ -2911,7 +2911,12 @@ main (int argc, char **argv)
/* Legacy. */
char *userval = getenv ("GREP_COLOR");
if (userval != NULL && *userval != '\0')
- selected_match_color = context_match_color = userval;
+ for (char *q = userval; *q == ';' || c_isdigit (*q); q++)
+ if (!q[1])
+ {
+ selected_match_color = context_match_color = userval;
+ break;
+ }
/* New GREP_COLORS has priority. */
parse_grep_colors ();
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 ++
src/grep.c | 7 ++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
hooks/post-receive
--
grep
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- grep branch, master, updated. v3.7-86-g5e3d207,
Paul Eggert <=