Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 90626
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 90626 depends on: 89946 Show dependency tree
Bug 90626 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-04-27 08:28 0000 
This old issue seems unfixed in our zgrep.

> zgrep contains the following gem:
>
> for i do
> [snip]
>      if test $with_filename -eq 1; then
>        sed_script="s|^[^:]*:|${i}:|"
>      else
>        sed_script="s|^|${i}:|"
>      fi
>      $grep $opt "$pat" | sed "$sed_script"
> [snip]
> done
>
> Aside of the correctness issues (try to use zgrep on files with e.g. '&' in
> names), it leads to obvious fun when zgrep arguments had been obtained
> by globbing in an untrusted place.  Even with standard sed we have at
> least ;w<filename>; to deal with; for GNU sed there's also ;e; on top
> of that (execute the contents of pattern space).  bzgrep is no better -
> it's based on zgrep.
>
> AFAICS, there are two solutions - one is to do what *BSD had done and
> make grep(1) use zlib and libbz; then zgrep et.al. become links to
> grep.  Another is to quote \, |, ; and newlines, which means extra
> invocation of sed(1)...

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-04-27 08:42:07 0000 ------- 
And the proposed patch by Red Hat:

--- zgrep.in
+++ zgrep.in
@@ -24,7 +24,7 @@

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-04-27 08:42:07 0000 ------- 
And the proposed patch by Red Hat:

--- zgrep.in
+++ zgrep.in
@@ -24,7 +24,7 @@
 
 PATH="BINDIR:$PATH"; export PATH
 
-prog=`echo $0 | sed 's|.*/||'`
+prog=`echo "$0" | sed 's|.*/||'`
 case "$prog" in
        *egrep) grep=${EGREP-egrep -a}  ;;
        *fgrep) grep=${FGREP-fgrep -a}  ;;
@@ -112,12 +112,15 @@
   fi
   $uncompress -cdfq "$i" |
     if test $files_with_matches -eq 1; then
-      $grep $opt "$pat" > /dev/null && echo $i
+      $grep $opt "$pat" > /dev/null && printf "%s\n" "$i"
     elif test $files_without_matches -eq 1; then
-      $grep $opt "$pat" > /dev/null || echo $i
+      $grep $opt "$pat" > /dev/null || printf "%s\n" "$i"
     elif test $with_filename -eq 0 && { test $# -eq 1 || test $no_filename -eq 1; }; then
       $grep $opt "$pat"
     else
+      i=${i//\\/\\\\}
+      i=${i//|/\\|}
+      i=${i//&/\\&}
       if test $with_filename -eq 1; then
        sed_script="s|^[^:]*:|${i}:|"
       else

------- Comment #3 From SpanKY 2005-05-02 15:01:10 0000 ------- 
gzip-1.3.5-r6 now in portage with the fix

also we can probably open the bug considering redhat has the fix in their public cvs

------- Comment #4 From Sune Kloppenborg Jeppesen 2005-05-02 22:23:23 0000 ------- 
Opening.

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-05-09 12:44:59 0000 ------- 
GLSA 200505-05
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug