Update of bug #61424 (project groff):
Status: In Progress => Fixed
Open/Closed: Open => Closed
Planned Release: None => 1.23.0
_______________________________________________________
Follow-up Comment #3:
commit a891161bc94c7b6a6a3572cc82f31e5029078d7b
Author: G. Branden Robinson <[email protected]>
Date: Sun Nov 7 10:31:02 2021 +1100
[libgroff]: Fix Savannah #61424.
* src/libs/libgroff/fontfile.cpp (font::open_file): Don't open
user-specified font file names with slashes in them; i.e., don't
traverse directories outside the configured font path. Also refuse to
open the file if the `sprintf()` used to construct its file name
doesn't write the expected quantity of bytes to the destination
buffer.
Fixes <https://savannah.gnu.org/bugs/?61424>. Thanks to Ingo Schwarze
for feedback.
commit 52f396189a4a9dd1294b16c6f84fcd47e4359221
Author: G. Branden Robinson <[email protected]>
Date: Sun Nov 7 02:43:53 2021 +1100
[libgroff]: Regression-test Savannah #61424.
* src/roff/groff/tests/fp_should_not_traverse_directories.sh: Do it.
* src/roff/groff/tests/artifacts/HONEYPOT: Add test artifact.
* src/roff/groff/tests/artifacts/devascii/README: ...and this; we need
an empty directory to make the test work but such things tend to look
unintentional.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?61424>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
