mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

emacs: patch CVE-2022-48337

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-48337

Backport the patch that is referenced by he NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-02-27 16:40:32 +01:00
parent 331ff3f94b
commit 77c9119674
2 changed files with 109 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/emacs/emacs_27.2.bb
+1
View File
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464"
SRC_URI = "https://ftp.gnu.org/pub/gnu/emacs/emacs-${PV}.tar.xz \
file://emacs-glibc-2.34.patch \
file://CVE-2022-48337.patch \
"
SRC_URI:append:class-target = " file://usemake-docfile-native.patch"
meta-oe/recipes-support/emacs/files/CVE-2022-48337.patch
+108
View File
@@ -0,0 +1,108 @@
From a10958677d359e016a4e857a9cd7c98258061f5f Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Tue, 6 Dec 2022 15:42:40 +0800
Subject: [PATCH] Fix etags local command injection vulnerability
From: lu4nx <lx@shellcodes.org>
* lib-src/etags.c: (escape_shell_arg_string): New function.
(process_file_name): Use it to quote file names passed to the
shell. (Bug#59817)
CVE: CVE-2022-48337
Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
lib-src/etags.c | 63 +++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 58 insertions(+), 5 deletions(-)
diff --git a/lib-src/etags.c b/lib-src/etags.c
index bb92f2b..7cecfe2 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -397,6 +397,7 @@ static void pfnote (char *, bool, char *, ptrdiff_t, intmax_t, intmax_t);
static void invalidate_nodes (fdesc *, node **);
static void put_entries (node *);
+static char *escape_shell_arg_string (char *);
static char *concat (const char *, const char *, const char *);
static char *skip_spaces (char *);
static char *skip_non_spaces (char *);
@@ -1635,13 +1636,16 @@ process_file_name (char *file, language *lang)
else
{
#if MSDOS || defined (DOS_NT)
- char *cmd1 = concat (compr->command, " \"", real_name);
- char *cmd = concat (cmd1, "\" > ", tmp_name);
+ int buf_len = strlen (compr->command) + strlen (" \"\" > \"\"") + strlen (real_name) + strlen (tmp_name) + 1;
+ char *cmd = xmalloc (buf_len);
+ snprintf (cmd, buf_len, "%s \"%s\" > \"%s\"", compr->command, real_name, tmp_name);
#else
- char *cmd1 = concat (compr->command, " '", real_name);
- char *cmd = concat (cmd1, "' > ", tmp_name);
+ char *new_real_name = escape_shell_arg_string (real_name);
+ char *new_tmp_name = escape_shell_arg_string (tmp_name);
+ int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
+ char *cmd = xmalloc (buf_len);
+ snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
#endif
- free (cmd1);
int tmp_errno;
if (system (cmd) == -1)
{
@@ -1685,6 +1689,55 @@ process_file_name (char *file, language *lang)
return;
}
+/*
+ * Adds single quotes around a string, if found single quotes, escaped it.
+ * Return a newly-allocated string.
+ *
+ * For example:
+ * escape_shell_arg_string("test.txt") => 'test.txt'
+ * escape_shell_arg_string("'test.txt") => ''\''test.txt'
+ */
+static char *
+escape_shell_arg_string (char *str)
+{
+ char *p = str;
+ int need_space = 2; /* ' at begin and end */
+
+ while (*p != '\0')
+ {
+ if (*p == '\'')
+ need_space += 4; /* ' to '\'', length is 4 */
+ else
+ need_space++;
+
+ p++;
+ }
+
+ char *new_str = xnew (need_space + 1, char);
+ new_str[0] = '\'';
+ new_str[need_space-1] = '\'';
+
+ int i = 1; /* skip first byte */
+ p = str;
+ while (*p != '\0')
+ {
+ new_str[i] = *p;
+ if (*p == '\'')
+ {
+ new_str[i+1] = '\\';
+ new_str[i+2] = '\'';
+ new_str[i+3] = '\'';
+ i += 3;
+ }
+
+ i++;
+ p++;
+ }
+
+ new_str[need_space] = '\0';
+ return new_str;
+}
+
static void
process_file (FILE *fh, char *fn, language *lang)
{