From c2ca77d7536fdcf23755de2372576176a0c1179b Mon Sep 17 00:00:00 2001 From: wwp Date: Mon, 19 Oct 2020 12:03:58 +0200 Subject: [PATCH 1/1] Shield template's |program{} and |attach_program{} so that the command-line that is executed does not allow sequencing like with && || ;, preventing possible execution of nasty, or at least unexpected, commands. --- src/quote_fmt_parse.y | 141 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 122 insertions(+), 19 deletions(-) diff --git a/src/quote_fmt_parse.y b/src/quote_fmt_parse.y index e95b39870..3bb8cd4d1 100644 --- a/src/quote_fmt_parse.y +++ b/src/quote_fmt_parse.y @@ -25,6 +25,10 @@ #include #include +#include +#include +#include +#include #include "procmsg.h" #include "procmime.h" @@ -521,15 +525,65 @@ static void quote_fmt_insert_file(const gchar *filename) static void quote_fmt_insert_program_output(const gchar *progname) { - FILE *file; - char buffer[BUFFSIZE]; - - if ((file = popen(progname, "r")) != NULL) { - while (fgets(buffer, sizeof(buffer), file)) { - INSERT(buffer); - } - pclose(file); + int pipefd[2]; + pid_t pid; + + GError *error; + gint argc; + gchar **argv; + gboolean ret; + + /* turn the command-line string into an array */ + argv = NULL; + argc = 0; + error = NULL; + ret = g_shell_parse_argv (progname, &argc, &argv, &error); + if (!ret) { + g_error("could not parse command line from '%s'", progname); + return; + } + + if (pipe(pipefd) == -1) { + g_error("can't pipe - error %s", g_strerror(errno)); + return; } + + if (0 == (pid = fork())) { + /* + * redirect output to write end of pipe + */ + close(pipefd[0]); + dup2(pipefd[1], STDOUT_FILENO); + if (-1 == execvp(argv[0], argv)) + perror("execvp"); + } else { + char buffer[BUFFSIZE]; + int r; + + waitpid(pid, NULL, 0); + + g_strfreev (argv); + + /* + * make it non blocking + */ + if (-1 == fcntl(pipefd[0], F_SETFL, fcntl(pipefd[0], F_GETFL) | O_NONBLOCK)) + g_warning("set to non blocking failed"); + + /* + * get the output + */ + do { + r = read(pipefd[0], buffer, sizeof buffer - 1); + if (r > 0) { + buffer[r] = 0; + INSERT(buffer); + } + } while (r > 0); + + close(pipefd[0]); + close(pipefd[1]); + } } static void quote_fmt_insert_user_input(const gchar *varname) @@ -565,18 +619,67 @@ static void quote_fmt_attach_file(const gchar *filename) static void quote_fmt_attach_file_program_output(const gchar *progname) { - FILE *file; - char buffer[BUFFSIZE]; - - if ((file = popen(progname, "r")) != NULL) { - /* get first line only */ - if (fgets(buffer, sizeof(buffer), file)) { - /* trim trailing CR/LF */ - strretchomp(buffer); - attachments = g_list_append(attachments, g_strdup(buffer)); - } - pclose(file); + int pipefd[2]; + pid_t pid; + + GError *error; + gint argc; + gchar **argv; + gboolean ret; + + /* turn the command-line string into an array */ + argv = NULL; + argc = 0; + error = NULL; + ret = g_shell_parse_argv (progname, &argc, &argv, &error); + if (!ret) { + g_error("could not parse command line from '%s'", progname); + return; + } + + if (pipe(pipefd) == -1) { + g_error("can't pipe - error %s", g_strerror(errno)); + return; } + + if (0 == (pid = fork())) { + /* + * redirect output to write end of pipe + */ + close(pipefd[0]); + dup2(pipefd[1], STDOUT_FILENO); + if (-1 == execvp(argv[0], argv)) + perror("execvp"); + } else { + char buffer[BUFFSIZE]; + int r; + + waitpid(pid, NULL, 0); + + g_strfreev (argv); + + /* + * make it non blocking + */ + if (-1 == fcntl(pipefd[0], F_SETFL, fcntl(pipefd[0], F_GETFL) | O_NONBLOCK)) + g_warning("set to non blocking failed"); + + /* + * get the output + */ + do { + r = read(pipefd[0], buffer, sizeof buffer - 1); + if (r > 0) { + buffer[r] = 0; + /* trim trailing CR/LF */ + strretchomp(buffer); + attachments = g_list_append(attachments, g_strdup(buffer)); + } + } while (r > 0); + + close(pipefd[0]); + close(pipefd[1]); + } } static gchar *quote_fmt_complete_address(const gchar *addr) -- 2.25.1