Update of bug #55557 (project groff):

                Category:           Device gropdf => None                   
                  Status:               Confirmed => Fixed                  
             Assigned to:                    deri => gbranden               
             Open/Closed:                    Open => Closed                 
         Planned Release:                    None => 1.23.0                 

    _______________________________________________________

Follow-up Comment #7:


commit bd37e19c1a69b553072c153dbae58ec6ff214297 (HEAD -> master,
origin/master, origin/HEAD)
Author: G. Branden Robinson <[email protected]>
Date:   Wed Jan 6 13:58:20 2021 +1100

    ChangeLog: Add entry for Savannah #55557 fix.
    
    Fixes <https://savannah.gnu.org/bugs/?55557>.

commit 27472b5ae548d3dbe933713d488d676708996253
Author: Colin Watson <[email protected]>
Date:   Thu Jan 24 13:39:06 2019 +0000

    Avoid Perl's unsafe "<>" operator.
    
    The "<>" operator is implemented using the two-argument form of "open",
    which interprets magic such as pipe characters, allowing execution of
    arbitrary commands, which is unlikely to be expected.  Perl >= 5.22 has a
    "<<>>" operator which avoids this, but also forbids the use of "-" to
    mean the standard input, which is a facility that the affected groff
    programs document.
    
    ARGV::readonly would probably also fix this, but I fundamentally dislike
    the approach of escaping data in preparation for a language facility to
    unescape it, especially when the required escaping is as non-obvious as
    it is here.  (For the same reason, I prefer to use subprocess invocation
    facilities that allow passing the argument list as a list rather than as
    a string to be interpreted by the shell.)  So I've abandoned this
    dubious convenience and changed the affected programs to iterate over
    command-line arguments manually using the three-argument form of open.
    
    This change involves an extra level of indentation, so it's a little
    awkward to review.  It consists of changing this form:
    
      while (<>) {  # or foreach, which is similar but less efficient
        ...
      }
    
    ... into this:
    
      unshift @ARGV, '-' unless @ARGV;
      foreach my $filename (@ARGV) {
        my $input;
        if ($filename eq '-') {
          $input = \*STDIN;
        } elsif (not open $input, '<', $filename) {
          warn $!;
          next;
        }
        while (<$input>) {
          ...
        }
      }
    
    Local variation: glilypond doesn't need the initial unshift since
    that's already handled in contrib/glilypond/args.pl.
    
    Fixes: https://bugs.debian.org/920269
    
    [Commit automerged but altered by GBR to omit changes to gropdf, already
    handled by Deri James in 2fc912f0751320a1fba0094dded38e2df46d1dbe.]


    _______________________________________________________
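The replacement loop from the commit above, as a stand-alone added example (not groff's own code) that reads a constructed temporary file through the three-argument open and then shows that an operand containing a pipe character is treated as a plain, nonexistent file name rather than as a command. The helper name process_operands and the handler callback are assumptions for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Iterate over operands the way the patched groff programs do:
# '-' means standard input; anything else goes through the
# three-argument open, so no character in the name is "magic".
# Returns the number of operands that could not be opened.
sub process_operands {
    my ($handler, @operands) = @_;
    my $failures = 0;
    unshift @operands, '-' unless @operands;
    foreach my $filename (@operands) {
        my $input;
        if ($filename eq '-') {
            $input = \*STDIN;
        } elsif (not open $input, '<', $filename) {
            warn "$filename: $!\n";
            $failures++;
            next;
        }
        while (my $line = <$input>) {
            $handler->($filename, $line);
        }
        close $input unless $filename eq '-';
    }
    return $failures;
}

# Constructed sample input: a temporary file holding two lines.
my ($fh, $path) = tempfile(UNLINK => 1);
print $fh "alpha\nbeta\n";
close $fh;

my @seen;
process_operands(
    sub { my ($name, $line) = @_; chomp $line; push @seen, "$name:$line" },
    $path,
);
print "$_\n" for @seen;

# Under two-argument open a trailing '|' would mean "run this command";
# under three-argument open it is just part of a file name that does not
# exist, so open fails, a warning is emitted, and the handler never runs.
my $calls = 0;
my $failed = process_operands(sub { $calls++ }, 'true |');
print "operands that failed to open: $failed, handler calls: $calls\n";
```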

Reply to this item at:

  <https://savannah.gnu.org/bugs/?55557>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/