[groff] 20/35: [troff]: Fix Savannah #66546 (`cf` is unsafe).
From: G. Branden Robinson
Subject: [groff] 20/35: [troff]: Fix Savannah #66546 (`cf` is unsafe).
Date: Tue, 10 Dec 2024 16:35:35 -0500 (EST)
gbranden pushed a commit to branch master
in repository groff.
commit f0ef2a7074f7cea3a6484bbe77127b397cafa362
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Sun Dec 8 12:56:10 2024 -0600
[troff]: Fix Savannah #66546 (`cf` is unsafe).
Disable `cf` request in safer mode.
* src/roff/troff/input.cpp (copy_file): Do it.
* doc/groff.texi.in (I/O) <cf>:
* man/groff.7.man (Request short reference) <cf>:
* man/groff_diff.7.man (Restricted requests): Do it.
* NEWS: Add item.
Fixes <https://savannah.gnu.org/bugs/?66546>.
Exhibit:
$ for n in $(seq 0 31) $(seq 128 255); do c=$(printf '\\%03o' $n); \
printf "$c" >>bin; done
$ od -c bin
0000000 \0 001 002 003 004 005 006 \a \b \t \n \v \f \r 016 017
0000020 020 021 022 023 024 025 026 027 030 031 032 033 034 035 036 037
0000040 200 201 202 203 204 205 206 207 210 211 212 213 214 215 216 217
0000060 220 221 222 223 224 225 226 227 230 231 232 233 234 235 236 237
0000100 240 241 242 243 244 245 246 247 250 251 252 253 254 255 256 257
0000120 260 261 262 263 264 265 266 267 270 271 272 273 274 275 276 277
0000140 300 301 302 303 304 305 306 307 310 311 312 313 314 315 316 317
0000160 320 321 322 323 324 325 326 327 330 331 332 333 334 335 336 337
0000200 340 341 342 343 344 345 346 347 350 351 352 353 354 355 356 357
0000220 360 361 362 363 364 365 366 367 370 371 372 373 374 375 376 377
0000240
$ cat cf.roff
Hello
.cf bin
world!
$ cat trf.groff
Hello
.trf bin
world!
$ groff -Z ATTIC/cf.roff | od -c
0000000 x T p s \n x r e s 7 2 0
0000020 0 0 1 1 \n x i n i t \n p 1
0000040 \n x f o n t 5 T R \n f 5 \n
0000060 s 1 0 0 0 0 \n V 1 2 0 0 0 \n H 7
0000100 2 0 0 0 \n m d \n D F d \n t H e l
0000120 l o \n n 1 2 0 0 0 0 \n V 1 2 0
0000140 0 0 \n H 7 2 0 0 0 \n \0 001 002 003 004 005
0000160 006 \a \b \t \n \v \f \r 016 017 020 021 022 023 024 025
0000200 026 027 030 031 032 033 034 035 036 037 200 201 202 203 204 205
0000220 206 207 210 211 212 213 214 215 216 217 220 221 222 223 224 225
0000240 226 227 230 231 232 233 234 235 236 237 240 241 242 243 244 245
0000260 246 247 250 251 252 253 254 255 256 257 260 261 262 263 264 265
0000300 266 267 270 271 272 273 274 275 276 277 300 301 302 303 304 305
0000320 306 307 310 311 312 313 314 315 316 317 320 321 322 323 324 325
0000340 326 327 330 331 332 333 334 335 336 337 340 341 342 343 344 345
0000360 346 347 350 351 352 353 354 355 356 357 360 361 362 363 364 365
0000400 366 367 370 371 372 373 374 375 376 377 x f o n t
0000420 5 T R \n f 5 \n s 1 0 0 0 0 \n
0000440 V 2 4 0 0 0 \n H 7 2 0 0 0 \n t o
0000460 r l d ! \n n 1 2 0 0 0 0 \n x
0000500 t r a i l e r \n V 7 9 2 0 0 0 \n
0000520 x s t o p \n
0000527
$ groff -Z ATTIC/trf.groff | od -c
0000000 x T p s \n x r e s 7 2 0
0000020 0 0 1 1 \n x i n i t \n p 1
0000040 \n x f o n t 5 T R \n f 5 \n
0000060 s 1 0 0 0 0 \n V 1 2 0 0 0 \n H 7
0000100 2 0 0 0 \n m d \n D F d \n t H e l
0000120 l o \n n 1 2 0 0 0 0 \n 001 002 003 004
0000140 005 006 \a \b \t \n \f 240 241 242 243 244 245 246 247 250
0000160 251 252 253 254 255 256 257 260 261 262 263 264 265 266 267 270
0000200 271 272 273 274 275 276 277 300 301 302 303 304 305 306 307 310
0000220 311 312 313 314 315 316 317 320 321 322 323 324 325 326 327 330
0000240 331 332 333 334 335 336 337 340 341 342 343 344 345 346 347 350
0000260 351 352 353 354 355 356 357 360 361 362 363 364 365 366 367 370
0000300 371 372 373 374 375 376 377 \n V 2 4 0 0 0 \n H
0000320 7 2 0 0 0 \n t w \n H 7 9 1 2 0 \n
0000340 t o r l d ! \n n 1 2 0 0 0 0 \n
0000360 x t r a i l e r \n V 7 9 2 0 0
0000400 0 \n x s t o p \n
0000411
---
ChangeLog | 14 ++++++++++++++
NEWS | 7 +++++++
doc/groff.texi.in | 9 +++++++++
man/groff.7.man | 3 +++
man/groff_diff.7.man | 3 ++-
src/roff/troff/input.cpp | 5 +++++
6 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 795b30eae..615db1c91 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2024-12-08 G. Branden Robinson <g.branden.robinson@gmail.com>
+
+ [troff]: Disable `cf` request in safer mode.
+
+ * src/roff/troff/input.cpp (copy_file): Do it.
+
+ * doc/groff.texi.in (I/O) <cf>:
+ * man/groff.7.man (Request short reference) <cf>:
+ * man/groff_diff.7.man (Restricted requests): Do it.
+
+ * NEWS: Add item.
+
+ Fixes <https://savannah.gnu.org/bugs/?66546>.
+
2024-12-08 G. Branden Robinson <g.branden.robinson@gmail.com>
* src/libs/libgroff/libgroff.am (libgroff_a_LIBADD): Add to
diff --git a/NEWS b/NEWS
index e68cabca4..57032aa8d 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,13 @@ VERSION next
troff
-----
+* The `cf` request is now disabled in safer mode; as with `pi` and
+ `sy`, you must specify the "unsafe mode" option `-U` to use it.
+ Alternatively, use the `trf` request, available since groff 0.6
+ (circa 1990), to embed a file in GNU troff's output while discarding
+ characters (most C0 and C1 controls) that are invalid as GNU troff
+ input--and incidentally also undefined in GNU troff output.
+
* The `hpfcode` request now emits an error when used, advising of its
planned withdrawal, but then proceeds with normal behavior. The
documented replacement mechanism, the `hcode` request, has existed
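Review bot: The new `cf` item does not say what a document that still uses `cf` in safer mode will now see. The input.cpp change in this commit emits an error and skips the request, so consider adding a clause such as "otherwise the request is diagnosed as an error and ignored", which lets people running existing documents through the default safer mode recognise the new diagnostic.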
diff --git a/doc/groff.texi.in b/doc/groff.texi.in
index 8b35fea70..05dd5db2d 100644
--- a/doc/groff.texi.in
+++ b/doc/groff.texi.in
@@ -16366,6 +16366,15 @@ anomalous that it must be considered a bug.
@cindex @code{trf} request, and invalid characters
@cindex characters, invalid for @code{trf} request
@cindex invalid characters for @code{trf} request
+@code{cf} copies the contents of @var{file} completely unprocessed;
+it is therefore an error to use this request in safer mode,
+which is the default.
+Invoke GNU
+@command{troff}
+or a front end with the
+@option{-U}
+option to enable unsafe mode.
+
@code{trf} discards invalid input characters;
recall @ref{Identifiers}.
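Review bot: The added `cf` paragraph is placed directly below three @cindex entries that index the `trf` request and its invalid characters, so those index entries will now land on the `cf` safer-mode text instead of the `trf` sentence they describe. Move the new paragraph above the @cindex lines, or keep it where it is and add an index entry of its own for `cf` and safer mode so the restriction can be found from the index.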
diff --git a/man/groff.7.man b/man/groff.7.man
index 4a5f77f58..16ffa9080 100644
--- a/man/groff.7.man
+++ b/man/groff.7.man
@@ -2783,6 +2783,9 @@ as if preceded by
.BR \[rs]!\& ,
but is not interpreted by the formatter.
.
+Unsafe request;
+disabled by default.
+.
.TPx
.REQ .cflags "n c1 c2 \fR\&.\|.\|.\&\fP"
Assign properties encoded
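Review bot: The added "Unsafe request; disabled by default." does not tell the reader how to enable the request. The NEWS and Texinfo text in this same commit both name the `-U` option; naming it here as well would keep the short reference consistent with them.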
diff --git a/man/groff_diff.7.man b/man/groff_diff.7.man
index 3fa55b7cb..459a49367 100644
--- a/man/groff_diff.7.man
+++ b/man/groff_diff.7.man
@@ -1501,7 +1501,8 @@ It is discarded from the end of an output line if a break
is forced.
.
To mitigate risks from untrusted input documents,
the
-.B pi
+.BR cf ,
+.BR pi ,
and
.B sy
requests are disabled by default.
diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp
index 91425bc98..da9361d4d 100644
--- a/src/roff/troff/input.cpp
+++ b/src/roff/troff/input.cpp
@@ -8540,6 +8540,11 @@ void copy_file()
skip_line();
return;
}
+ if (!want_unsafe_requests) {
+ error("file throughput request is not allowed in safer mode");
+ skip_line();
+ return;
+ }
if ((curdiv == topdiv) && (topdiv->before_first_page_status > 0)) {
handle_initial_request(COPY_FILE_REQUEST);
return;
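Review bot: The diagnostic added in copy_file(), "file throughput request is not allowed in safer mode", names neither the `cf` request nor the `-U` option, so a user who hits it has to work out which request was rejected and how to permit it. Consider wording that mentions both. The guard is correctly placed before the handle_initial_request(COPY_FILE_REQUEST) deferral, so a rejected request is never queued; however, the diffstat for this commit lists no test file, and a regression test that checks `cf` is refused by default and accepted with `-U` would protect that behaviour.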