Bug#897426: Unix pathnames being misinterpreted as commands

2018-09-01 Thread Mattia Rizzolo 
Hi Matthew,

On Thu, May 03, 2018 at 10:39:45AM +0200, Mattia Rizzolo wrote:
> The concept sounds good to me, could you please try to get this uptream?
> 
> The github project is https://github.com/hexchat/hexchat

Looking if you had the time to submit a PR upstream for this :)

I privately pointed this bug to the upstream developer, and it looked
like he would be in favor of this change!

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#897426: Unix pathnames being misinterpreted as commands

2018-05-03 Thread Mattia Rizzolo 
Control: tag -1 upstream

On Wed, May 02, 2018 at 06:31:50AM -0700, Matthew Wilcox wrote:
> Package: hexchat
> Version: 2.14.1-2
> Tags: patch
> 
> If I try to paste output into hexchat, it will attempt to interpret any
> unix pathnames as IRC commands.  For example:
> 
>[CC]t_truncate_self
> /bin/bash ../libtool --quiet --tag=CC --mode=link gcc t_truncate_self.c -o 
> t_truncate_self -g -O2 -g -O2 -DDEBUG  -I../include -DVERSION=\"1.1.1\" 
> -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -funsigned-char -fno-strict-aliasing 
> -Wall -DHAVE_FALLOCATE   -lattr /usr/lib/libhandle.la -lacl -lpthread   
> ../lib/libtest.la
> libtool:   error: cannot find the library '/usr/lib/libhandle.la' or 
> unhandled argument '/usr/lib/libhandle.la'
> 
> will not paste the second line as text to the person I'm having a
> conversation with; rather it will attempt to interpret the second line
> as a command, and the conversation gets derailed with missing lines.

Yeah, it's a somewhat annoying thing I noticed myself.

> Hexchat used to have code to detect unix pathnames, but it's currently
> commented out.  I've written and lightly tested a better heuristic --
> IRC commands do not contain a /, so if we see a / before we see a space,
> we can infer this is not an IRC command.
> 
> This is a superset of the current test for "//" at the beginning of
> a string, so delete that check as well.
> 
> Description: Don't interpret unix pathnames as commands
>  Replace the list of common unix pathnames with a simpler heuristic;
>  if there are two '/' characters before there is a ' ', this cannot be an
>  IRC command, so just send it to the server as text instead of a command.
> Author: Matthew Wilcox 

The concept sounds good to me, could you please try to get this uptream?

The github project is https://github.com/hexchat/hexchat


Thanks!

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#897426: Unix pathnames being misinterpreted as commands

2018-05-02 Thread Matthew Wilcox 
Package: hexchat
Version: 2.14.1-2
Tags: patch

If I try to paste output into hexchat, it will attempt to interpret any
unix pathnames as IRC commands.  For example:

   [CC]t_truncate_self
/bin/bash ../libtool --quiet --tag=CC --mode=link gcc t_truncate_self.c -o 
t_truncate_self -g -O2 -g -O2 -DDEBUG  -I../include -DVERSION=\"1.1.1\" 
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -funsigned-char -fno-strict-aliasing -Wall 
-DHAVE_FALLOCATE   -lattr /usr/lib/libhandle.la -lacl -lpthread   
../lib/libtest.la
libtool:   error: cannot find the library '/usr/lib/libhandle.la' or unhandled 
argument '/usr/lib/libhandle.la'

will not paste the second line as text to the person I'm having a
conversation with; rather it will attempt to interpret the second line
as a command, and the conversation gets derailed with missing lines.

Hexchat used to have code to detect unix pathnames, but it's currently
commented out.  I've written and lightly tested a better heuristic --
IRC commands do not contain a /, so if we see a / before we see a space,
we can infer this is not an IRC command.

This is a superset of the current test for "//" at the beginning of
a string, so delete that check as well.

Description: Don't interpret unix pathnames as commands
 Replace the list of common unix pathnames with a simpler heuristic;
 if there are two '/' characters before there is a ' ', this cannot be an
 IRC command, so just send it to the server as text instead of a command.
Author: Matthew Wilcox 

--- hexchat-2.14.1.orig/src/common/outbound.c
+++ hexchat-2.14.1/src/common/outbound.c
@@ -4852,6 +4852,9 @@
 static int
 handle_user_input (session *sess, char *text, int history, int nocommand)
 {
+   char cmd_char = prefs.hex_input_command_char[0];
+   unsigned int i;
+
if (*text == '\0')
return 1;
 
@@ -4859,50 +4862,27 @@
history_add (>history, text);
 
/* is it NOT a command, just text? */
-   if (nocommand || text[0] != prefs.hex_input_command_char[0])
+   if (nocommand || text[0] != cmd_char)
{
handle_say (sess, text, TRUE);
return 1;
}
 
-   /* check for // */
-   if (text[0] == prefs.hex_input_command_char[0] && text[1] == 
prefs.hex_input_command_char[0])
-   {
-   handle_say (sess, text + 1, TRUE);
-   return 1;
-   }
-
-#if 0 /* Who would remember all this? */
-   if (prefs.hex_input_command_char[0] == '/')
+   /*
+* There are no commands with an embedded /, so if we see one before
+* we see a space, assume somebody's pasting a unix pathname or
+* similar.  It can't be a command.
+*/
+   for (i = 1; text[i]; i++)
{
-   int i;
-   const char *unix_dirs [] = {
-   "/bin/",
-   "/boot/",
-   "/dev/",
-   "/etc/",
-   "/home/",
-   "/lib/",
-   "/lost+found/",
-   "/mnt/",
-   "/opt/",
-   "/proc/",
-   "/root/",
-   "/sbin/",
-   "/tmp/",
-   "/usr/",
-   "/var/",
-   "/gnome/",
-   NULL
-   };
-   for (i = 0; unix_dirs[i] != NULL; i++)
-   if (strncmp (text, unix_dirs[i], strlen 
(unix_dirs[i]))==0)
-   {
-   handle_say (sess, text, TRUE);
-   return 1;
-   }
+   if (text[i] == cmd_char)
+   {
+   handle_say (sess, text, TRUE);
+   return 1;
+   }
+   if (text[i] == ' ')
+   break;
}
-#endif
 
return handle_command (sess, text + 1, TRUE);
 }