emacs-elpa-diffs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[elpa] externals-release/org bc3caa8f90: org-man-open: Fix shell expansi

From: ELPA Syncer
Subject: [elpa] externals-release/org bc3caa8f90: org-man-open: Fix shell expansion vulnerability (Emacs bug#66390)
Date: Thu, 11 Jan 2024 07:48:15 -0500 (EST) 
branch: externals-release/org
commit bc3caa8f90d215e63852d5795a1c0209a6d20cc8
Author: Ihor Radchenko <yantar92@posteo.net>
Commit: Ihor Radchenko <yantar92@posteo.net>

    org-man-open: Fix shell expansion vulnerability (Emacs bug#66390)
    
    * lisp/ol-man.el (org-man-open): Work around Emacs bug#66390.
    Implement fix on org side before Emacs commit that fixes the bug.
    
    Link: 
https://yhetil.org/emacs-bugs/CADwFkmnTMsOM+z0x8FGPGguMtoD9hLrNt9YfbaJ08KPNKW3EbQ@mail.gmail.com/
---
 lisp/ol-man.el | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lisp/ol-man.el b/lisp/ol-man.el
index b6cada1b3c..d801f59d89 100644
--- a/lisp/ol-man.el
+++ b/lisp/ol-man.el
@@ -39,13 +39,27 @@
   :group 'org-link
   :type '(choice (const man) (const woman)))
 
+(declare-function Man-translate-references "man" (ref))
 (defun org-man-open (path _)
   "Visit the manpage on PATH.
 PATH should be a topic that can be thrown at the man command.
 If PATH contains extra ::STRING which will use `occur' to search
 matched strings in man buffer."
+  (require 'man) ; For `Man-translate-references'
   (string-match "\\(.*?\\)\\(?:::\\(.*\\)\\)?$" path)
   (let* ((command (match-string 1 path))
+         ;; FIXME: Remove after we drop Emacs 29 support.
+         ;; Working around security bug #66390.
+         (command (if (org-man-store-link (equal (Man-translate-references 
";id") "\\;id"))
+                      ;; We are on Emacs that properly escapes man
+                      ;; command args (see Emacs commit 820f0793f0b).
+                      command
+                    ;; Older Emacs without the fix - escape the
+                    ;; arguments ourselves.
+                    (mapconcat 'identity
+                               (mapcar #'shell-quote-argument
+                                       (split-string command "\\s-+"))
+                               " ")))
          (search (match-string 2 path))
          (buffer (funcall org-man-command command)))
     (when search
reply via email to
[Prev in Thread] Current Thread [Next in Thread]