[bug #66546] [troff] restrict `cf` request to unsafe mode

bug-groff

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #66546] [troff] restrict `cf` request to unsafe mode

From:	G. Branden Robinson
Subject:	[bug #66546] [troff] restrict `cf` request to unsafe mode
Date:	Tue, 10 Dec 2024 16:39:28 -0500 (EST)

Update of bug #66546 (group groff):

                  Status:             In Progress => Fixed
             Open/Closed:                    Open => Closed
         Planned Release:                    None => 1.24.0

    _______________________________________________________

Follow-up Comment #1:


commit f0ef2a7074f7cea3a6484bbe77127b397cafa362
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date:   Sun Dec 8 12:56:10 2024 -0600

    [troff]: Fix Savannah #66546 (`cf` is unsafe).
    
    Disable `cf` request in safer mode.
    
    * src/roff/troff/input.cpp (copy_file): Do it.
    
    * doc/groff.texi.in (I/O) <cf>:
    * man/groff.7.man (Request short reference) <cf>:
    * man/groff_diff.7.man (Restricted requests): Do it.
    
    * NEWS: Add item.
    
    Fixes <https://savannah.gnu.org/bugs/?66546>.
    
    Exhibit:
    
    $ for n in $(seq 0 31) $(seq 128 255); do c=$(printf '\\%03o' $n); \
        printf "$c" >>bin; done
    $ od -c bin
    0000000  \0 001 002 003 004 005 006  \a  \b  \t  \n  \v  \f  \r 016 017
    0000020 020 021 022 023 024 025 026 027 030 031 032 033 034 035 036 037
    0000040 200 201 202 203 204 205 206 207 210 211 212 213 214 215 216 217
    0000060 220 221 222 223 224 225 226 227 230 231 232 233 234 235 236 237
    0000100 240 241 242 243 244 245 246 247 250 251 252 253 254 255 256 257
    0000120 260 261 262 263 264 265 266 267 270 271 272 273 274 275 276 277
    0000140 300 301 302 303 304 305 306 307 310 311 312 313 314 315 316 317
    0000160 320 321 322 323 324 325 326 327 330 331 332 333 334 335 336 337
    0000200 340 341 342 343 344 345 346 347 350 351 352 353 354 355 356 357
    0000220 360 361 362 363 364 365 366 367 370 371 372 373 374 375 376 377
    0000240
    $ cat cf.roff
    Hello
    .cf bin
    world!
    $ cat trf.groff
    Hello
    .trf bin
    world!
    $ groff -Z ATTIC/cf.roff | od -c
    0000000   x       T       p   s  \n   x       r   e   s       7   2   0
    0000020   0   0       1       1  \n   x       i   n   i   t  \n   p   1
    0000040  \n   x       f   o   n   t       5       T   R  \n   f   5  \n
    0000060   s   1   0   0   0   0  \n   V   1   2   0   0   0  \n   H   7
    0000100   2   0   0   0  \n   m   d  \n   D   F   d  \n   t   H   e   l
    0000120   l   o  \n   n   1   2   0   0   0       0  \n   V   1   2   0
    0000140   0   0  \n   H   7   2   0   0   0  \n  \0 001 002 003 004 005
    0000160 006  \a  \b  \t  \n  \v  \f  \r 016 017 020 021 022 023 024 025
    0000200 026 027 030 031 032 033 034 035 036 037 200 201 202 203 204 205
    0000220 206 207 210 211 212 213 214 215 216 217 220 221 222 223 224 225
    0000240 226 227 230 231 232 233 234 235 236 237 240 241 242 243 244 245
    0000260 246 247 250 251 252 253 254 255 256 257 260 261 262 263 264 265
    0000300 266 267 270 271 272 273 274 275 276 277 300 301 302 303 304 305
    0000320 306 307 310 311 312 313 314 315 316 317 320 321 322 323 324 325
    0000340 326 327 330 331 332 333 334 335 336 337 340 341 342 343 344 345
    0000360 346 347 350 351 352 353 354 355 356 357 360 361 362 363 364 365
    0000400 366 367 370 371 372 373 374 375 376 377   x       f   o   n   t
    0000420       5       T   R  \n   f   5  \n   s   1   0   0   0   0  \n
    0000440   V   2   4   0   0   0  \n   H   7   2   0   0   0  \n   t   o
    0000460   r   l   d   !  \n   n   1   2   0   0   0       0  \n   x
    0000500   t   r   a   i   l   e   r  \n   V   7   9   2   0   0   0  \n
    0000520   x       s   t   o   p  \n
    0000527
    $ groff -Z ATTIC/trf.groff | od -c
    0000000   x       T       p   s  \n   x       r   e   s       7   2   0
    0000020   0   0       1       1  \n   x       i   n   i   t  \n   p   1
    0000040  \n   x       f   o   n   t       5       T   R  \n   f   5  \n
    0000060   s   1   0   0   0   0  \n   V   1   2   0   0   0  \n   H   7
    0000100   2   0   0   0  \n   m   d  \n   D   F   d  \n   t   H   e   l
    0000120   l   o  \n   n   1   2   0   0   0       0  \n 001 002 003 004
    0000140 005 006  \a  \b  \t  \n  \f 240 241 242 243 244 245 246 247 250
    0000160 251 252 253 254 255 256 257 260 261 262 263 264 265 266 267 270
    0000200 271 272 273 274 275 276 277 300 301 302 303 304 305 306 307 310
    0000220 311 312 313 314 315 316 317 320 321 322 323 324 325 326 327 330
    0000240 331 332 333 334 335 336 337 340 341 342 343 344 345 346 347 350
    0000260 351 352 353 354 355 356 357 360 361 362 363 364 365 366 367 370
    0000300 371 372 373 374 375 376 377  \n   V   2   4   0   0   0  \n   H
    0000320   7   2   0   0   0  \n   t   w  \n   H   7   9   1   2   0  \n
    0000340   t   o   r   l   d   !  \n   n   1   2   0   0   0       0  \n
    0000360   x       t   r   a   i   l   e   r  \n   V   7   9   2   0   0
    0000400   0  \n   x       s   t   o   p  \n
    0000411




    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?66546>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #66546] [troff] restrict `cf` request to unsafe mode, G. Branden Robinson, 2024/12/08
- [bug #66546] [troff] restrict `cf` request to unsafe mode, G. Branden Robinson <=

Prev by Date: [bug #66537] [PATCH] tmac/pdfpic.tmac: missing ", qq(\\n)" before a perl 'if' command
Next by Date: [bug #66501] [gropdf] fails when using \*[PDFLB] within PDF popup note
Previous by thread: [bug #66546] [troff] restrict `cf` request to unsafe mode
Next by thread: [bug #66547] [troff] `trf` should filter all C0 controls except LF, and all code points > 0x7F
Index(es):
- Date
- Thread