packages/util-linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wall: fix escape sequence Injection

Browse Source
This commit is contained in:
zhangyao 2024-03-29 14:49:03 +08:00
parent 6afde4dc7e
commit 4712dc1533
7 changed files with 684 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backport-CVE-2024-28085.patch Executable file
View File

@ -0,0 +1,29 @@
From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 21 Mar 2024 11:16:20 +0100
Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085]
Let's use for all cases the same output function.
Reported-by: Skyler Ferrante <sjf5462@rit.edu>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
term-utils/wall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/term-utils/wall.c b/term-utils/wall.c
index fa5e027..d6714c6 100644
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@@ -329,7 +329,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
int i;
for (i = 0; i < mvecsz; i++) {
- fputs(mvec[i], fs);
+ fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
if (i < mvecsz - 1)
fputc(' ', fs);
}
--
2.19.1

25
backport-tests-fix-misc-setarch-run-in-a-docker-environment.patch Normal file
View File

@ -0,0 +1,25 @@
From c41e859b238998453a99a3fbe6f082f081372b86 Mon Sep 17 00:00:00 2001
From: Anatoly Pugachev <matorola@gmail.com>
Date: Fri, 8 Apr 2022 17:53:58 +0300
Subject: [PATCH] tests: fix misc/setarch run in a docker environment
Fixes: #601
---
tests/ts/misc/setarch | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/ts/misc/setarch b/tests/ts/misc/setarch
index 6c872bf70..ab2f6c009 100755
--- a/tests/ts/misc/setarch
+++ b/tests/ts/misc/setarch
@@ -23,6 +23,7 @@ ts_check_test_command "$TS_CMD_SETARCH"
ARCH=$(uname -m)
ts_init_subtest options
+test -e /.dockerenv && ts_skip "unsupported in docker environment"
ts_log_both "###### unknown arch"
$TS_CMD_SETARCH qubit -v echo "success" >> $TS_OUTPUT 2>> $TS_ERRLOG
echo "exit: $?" >>$TS_OUTPUT
--
2.33.0

28
backport-wall-add-__format__-attribute.patch Executable file
View File

@ -0,0 +1,28 @@
From 0c753d8d6b6c4342f4ede5e8aba1491d9119d010 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Fri, 18 Jun 2021 16:56:52 +0200
Subject: [PATCH] wall: add __format__ attribute
Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
term-utils/wall.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/term-utils/wall.c b/term-utils/wall.c
index 97d9a56b5..fb283d3bf 100644
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@@ -296,7 +296,8 @@ static void buf_puts(struct buffer *bs, const char *s)
bs->used += len;
}
-static void buf_printf(struct buffer *bs, const char *fmt, ...)
+static void __attribute__((__format__ (__printf__, 2, 3)))
+ buf_printf(struct buffer *bs, const char *fmt, ...)
{
int rc;
va_list ap;
--
2.19.1

171
backport-wall-convert-homebrew-buffering-to-open_memstream.patch Normal file
View File

@ -0,0 +1,171 @@
From 27ee6446503af7ec0c2647704ca47ac4de3852ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
Date: Wed, 15 Mar 2023 16:16:43 +0100
Subject: [PATCH] wall: convert homebrew buffering to open_memstream()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The struct buffer system duplicates a plethora of standard I/O
functions (including a fork of fputc_careful())
and adds a lot of complexity open_memstream() is standard,
and fits perfectly into this niche
---
term-utils/wall.c | 95 ++++++++++-------------------------------------
1 file changed, 20 insertions(+), 75 deletions(-)
diff --git a/term-utils/wall.c b/term-utils/wall.c
index 53718e6..0531a7f 100644
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@@ -272,74 +272,22 @@ int main(int argc, char **argv)
exit(EXIT_SUCCESS);
}
-struct buffer {
- size_t sz;
- size_t used;
- char *data;
-};
-
-static void buf_enlarge(struct buffer *bs, size_t len)
+static void buf_putc_careful(FILE *fs, int c)
{
- if (bs->sz == 0 || len > bs->sz - bs->used) {
- bs->sz += len < 128 ? 128 : len;
- bs->data = xrealloc(bs->data, bs->sz);
- }
-}
-
-static void buf_puts(struct buffer *bs, const char *s)
-{
- size_t len = strlen(s);
-
- buf_enlarge(bs, len + 1);
- memcpy(bs->data + bs->used, s, len + 1);
- bs->used += len;
-}
-
-static void __attribute__((__format__ (__printf__, 2, 3)))
- buf_printf(struct buffer *bs, const char *fmt, ...)
-{
- int rc;
- va_list ap;
- size_t limit;
-
- buf_enlarge(bs, 0); /* default size */
- limit = bs->sz - bs->used;
-
- va_start(ap, fmt);
- rc = vsnprintf(bs->data + bs->used, limit, fmt, ap);
- va_end(ap);
-
- if (rc >= 0 && (size_t) rc >= limit) { /* not enough, enlarge */
- buf_enlarge(bs, (size_t)rc + 1);
- limit = bs->sz - bs->used;
- va_start(ap, fmt);
- rc = vsnprintf(bs->data + bs->used, limit, fmt, ap);
- va_end(ap);
- }
-
- if (rc > 0)
- bs->used += rc;
-}
-
-static void buf_putc_careful(struct buffer *bs, int c)
-{
- if (isprint(c) || c == '\a' || c == '\t' || c == '\r' || c == '\n') {
- buf_enlarge(bs, 1);
- bs->data[bs->used++] = c;
- } else if (!c_isascii(c))
- buf_printf(bs, "\\%3o", (unsigned char)c);
- else {
- char tmp[] = { '^', c ^ 0x40, '\0' };
- buf_puts(bs, tmp);
- }
+ if (isprint(c) || c == '\a' || c == '\t' || c == '\r' || c == '\n')
+ fputc(c, fs);
+ else if (!c_isascii(c))
+ fprintf(fs, "\\%3o", (unsigned char)c);
+ else
+ fputs((char[]){ '^', c ^ 0x40, '\0' }, fs);
}
static char *makemsg(char *fname, char **mvec, int mvecsz,
size_t *mbufsize, int print_banner)
{
- struct buffer _bs = {.used = 0}, *bs = &_bs;
register int ch, cnt;
- char *p, *lbuf;
+ char *p, *lbuf, *retbuf;
+ FILE * fs = open_memstream(&retbuf, mbufsize);
long line_max;
line_max = sysconf(_SC_LINE_MAX);
@@ -379,16 +327,16 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
*/
/* snprintf is not always available, but the sprintf's here
will not overflow as long as %d takes at most 100 chars */
- buf_printf(bs, "\r%*s\r\n", TERM_WIDTH, " ");
+ fprintf(fs, "\r%*s\r\n", TERM_WIDTH, " ");
snprintf(lbuf, line_max,
_("Broadcast message from %s@%s (%s) (%s):"),
whom, hostname, where, date);
- buf_printf(bs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
+ fprintf(fs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
free(hostname);
free(date);
}
- buf_printf(bs, "%*s\r\n", TERM_WIDTH, " ");
+ fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
if (mvec) {
/*
@@ -397,11 +345,11 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
int i;
for (i = 0; i < mvecsz; i++) {
- buf_puts(bs, mvec[i]);
+ fputs(mvec[i], fs);
if (i < mvecsz - 1)
- buf_puts(bs, " ");
+ fputc(' ', fs);
}
- buf_puts(bs, "\r\n");
+ fputs("\r\n", fs);
} else {
/*
* read message from <file>
@@ -429,23 +377,20 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
while (fgets(lbuf, line_max, stdin)) {
for (cnt = 0, p = lbuf; (ch = *p) != '\0'; ++p, ++cnt) {
if (cnt == TERM_WIDTH || ch == '\n') {
- for (; cnt < TERM_WIDTH; ++cnt)
- buf_puts(bs, " ");
- buf_puts(bs, "\r\n");
+ fprintf(fs, "%*s\r\n", TERM_WIDTH - cnt, "");
cnt = 0;
}
if (ch == '\t')
cnt += (7 - (cnt % 8));
if (ch != '\n')
- buf_putc_careful(bs, ch);
+ buf_putc_careful(fs, ch);
}
}
}
- buf_printf(bs, "%*s\r\n", TERM_WIDTH, " ");
+ fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
free(lbuf);
- bs->data[bs->used] = '\0'; /* be paranoid */
- *mbufsize = bs->used;
- return bs->data;
+ fclose(fs);
+ return retbuf;
}
--
2.33.0

218
backport-wall-use-fputs_careful.patch Executable file
View File

@ -0,0 +1,218 @@
From aa13246a1bf1be9e4f6eb331f4d4d2dbc875e22f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
Date: Wed, 15 Mar 2023 16:16:48 +0100
Subject: [PATCH] wall: use fputs_careful()
LINE_MAX only applies to teletypes in canonical mode: when stdin is a
file, it could still very much tear; start off at 512 for the sprintf(),
then use getline() like in write.
The line wrapping has one suboptimal edge-case:
$ wall < all
Broadcast message from nabijaczleweli@tarta (pts/4) (Tue Mar 14 22:31:25
2023):
^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^[^\^]^^^_
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJ
KLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~^?\200\201\202\203\204\205\206
\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232
\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256
\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302
\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326
\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352
\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376
\377
but that's a pathological input, and the result is still infinitely
better than it was before, so fixing that is more trouble than it's
worth.
Bug-Debian: https://bugs.debian.org/826596
---
include/carefulputc.h | 42 +++++++++++++++++++++++++++++++++---------
login-utils/last.c | 2 +-
term-utils/wall.c | 38 ++++++--------------------------------
term-utils/write.c | 2 +-
4 files changed, 41 insertions(+), 43 deletions(-)
diff --git a/include/carefulputc.h b/include/carefulputc.h
index 4f74526..51d1c99 100644
--- a/include/carefulputc.h
+++ b/include/carefulputc.h
@@ -6,6 +6,7 @@
#include <ctype.h>
#ifdef HAVE_WIDECHAR
#include <wctype.h>
+#include <wchar.h>
#endif
#include <stdbool.h>
@@ -15,18 +16,35 @@
* A puts() for use in write and wall (that sometimes are sgid tty).
* It avoids control and invalid characters.
* The locale of the recipient is nominally unknown,
- * but it's a solid bet that the encoding is compatible with the author's.
+ * but it's a solid bet that it's compatible with the author's.
+ * Use soft_width=0 to disable wrapping.
*/
-static inline int fputs_careful(const char * s, FILE *fp, const char ctrl, bool cr_lf)
+static inline int fputs_careful(const char * s, FILE *fp, const char ctrl, bool cr_lf, int soft_width)
{
- int ret = 0;
+ int ret = 0, col = 0;
for (size_t slen = strlen(s); *s; ++s, --slen) {
- if (*s == '\n')
+ if (*s == '\t')
+ col += (7 - (col % 8)) - 1;
+ else if (*s == '\r')
+ col = -1;
+ else if (*s == '\a')
+ --col;
+
+ if ((soft_width && col >= soft_width) || *s == '\n') {
+ if (soft_width) {
+ fprintf(fp, "%*s", soft_width - col, "");
+ col = 0;
+ }
ret = fputs(cr_lf ? "\r\n" : "\n", fp);
- else if (isprint(*s) || *s == '\a' || *s == '\t' || *s == '\r')
+ if (*s == '\n' || ret < 0)
+ goto wrote;
+ }
+
+ if (isprint(*s) || *s == '\a' || *s == '\t' || *s == '\r') {
ret = putc(*s, fp);
- else if (!c_isascii(*s)) {
+ ++col;
+ } else if (!c_isascii(*s)) {
#ifdef HAVE_WIDECHAR
wchar_t w;
size_t clen = mbtowc(&w, s, slen);
@@ -35,21 +53,27 @@ static inline int fputs_careful(const char * s, FILE *fp, const char ctrl, bool
case (size_t)-1: // EILSEQ
mbtowc(NULL, NULL, 0);
nonprint:
- ret = fprintf(fp, "\\%3hho", *s);
+ col += ret = fprintf(fp, "\\%3hho", *s);
break;
default:
if(!iswprint(w))
goto nonprint;
ret = fwrite(s, 1, clen, fp);
+ if (soft_width)
+ col += wcwidth(w);
s += clen - 1;
slen -= clen - 1;
break;
}
#else
- ret = fprintf(fp, "\\%3hho", *s);
+ col += ret = fprintf(fp, "\\%3hho", *s);
#endif
- } else
+ } else {
ret = fputs((char[]){ ctrl, *s ^ 0x40, '\0' }, fp);
+ col += 2;
+ }
+
+ wrote:
if (ret < 0)
return EOF;
}
diff --git a/login-utils/last.c b/login-utils/last.c
index c5984f1..8386f08 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -550,7 +550,7 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t
/*
* Print out "final" string safely.
*/
- fputs_careful(final, stdout, '*', false);
+ fputs_careful(final, stdout, '*', false, 0);
if (len < 0 || (size_t)len >= sizeof(final))
putchar('\n');
diff --git a/term-utils/wall.c b/term-utils/wall.c
index 97623b8..fa5e027 100644
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@@ -273,29 +273,13 @@ int main(int argc, char **argv)
exit(EXIT_SUCCESS);
}
-static void buf_putc_careful(FILE *fs, int c)
-{
- if (isprint(c) || c == '\a' || c == '\t' || c == '\r' || c == '\n')
- fputc(c, fs);
- else if (!c_isascii(c))
- fprintf(fs, "\\%3o", (unsigned char)c);
- else
- fputs((char[]){ '^', c ^ 0x40, '\0' }, fs);
-}
-
static char *makemsg(char *fname, char **mvec, int mvecsz,
size_t *mbufsize, int print_banner)
{
- register int ch, cnt;
- char *p, *lbuf, *retbuf;
+ char *lbuf, *retbuf;
FILE * fs = open_memstream(&retbuf, mbufsize);
- long line_max;
-
- line_max = sysconf(_SC_LINE_MAX);
- if (line_max <= 0)
- line_max = 512;
-
- lbuf = xmalloc(line_max);
+ size_t lbuflen = 512;
+ lbuf = xmalloc(lbuflen);
if (print_banner == TRUE) {
char *hostname = xgethostname();
@@ -330,7 +314,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
will not overflow as long as %d takes at most 100 chars */
fprintf(fs, "\r%*s\r\n", TERM_WIDTH, " ");
- snprintf(lbuf, line_max,
+ snprintf(lbuf, lbuflen,
_("Broadcast message from %s@%s (%s) (%s):"),
whom, hostname, where, date);
fprintf(fs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
@@ -374,18 +358,8 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
/*
* Read message from stdin.
*/
- while (fgets(lbuf, line_max, stdin)) {
- for (cnt = 0, p = lbuf; (ch = *p) != '\0'; ++p, ++cnt) {
- if (cnt == TERM_WIDTH || ch == '\n') {
- fprintf(fs, "%*s\r\n", TERM_WIDTH - cnt, "");
- cnt = 0;
- }
- if (ch == '\t')
- cnt += (7 - (cnt % 8));
- if (ch != '\n')
- buf_putc_careful(fs, ch);
- }
- }
+ while (getline(&lbuf, &lbuflen, stdin) >= 0)
+ fputs_careful(lbuf, fs, '^', true, TERM_WIDTH);
}
fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
diff --git a/term-utils/write.c b/term-utils/write.c
index 710a58c..1d57fce 100644
--- a/term-utils/write.c
+++ b/term-utils/write.c
@@ -276,7 +276,7 @@ static void do_write(const struct write_control *ctl)
if (signal_received)
break;
- if (fputs_careful(line, stdout, '^', true) == EOF)
+ if (fputs_careful(line, stdout, '^', true, 0) == EOF)
err(EXIT_FAILURE, _("carefulputc failed"));
}
free(line);
--
2.19.1

200
backport-write-correctly-handle-wide-characters.patch Executable file
View File

@ -0,0 +1,200 @@
From 8a7b8456d1dc0e7ca557d1ac31f638986704757f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
Date: Wed, 15 Mar 2023 16:16:31 +0100
Subject: [PATCH] write: correctly handle wide characters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Do this by replacing fputc_careful() (notice that the description said
it's locale-aware it very much is /not/), with a fputs_careful() which
does the same thing, but if it were to output a byte in the \123 format,
first it checks whether this byte starts a valid multibyte character.
If it does, and that character is printable, write it verbatim.
This means that
echo 'foo åäö ąęćźżń bar' | write nabijaczleweli pts/4
instead of
foo \303\245\303\244\303\266
\304\205\304\231\304\207\305\272\305\274\305\204 bar
yields
foo åäö ąęćźżń bar
or, more realistically, from a message I got earlier today,
Filip powiedzia\305\202 \305\274e zap\305\202aci jutro
becomes
Filip powiedział że zapłaci jutro
Invalid/non-printable sequences get processed as before.
Line reading in write must become getline() to avoid dealing with
partial characters: for example on input consisting solely of
ąęćźżń, where every {1} is an instance, the output would be
{42}ąęć\305\272żń{84}ąęćź\305\274ń{84}ąęćźż\305\204{39}
with just fixed-512 fgets()
Bug-Debian: https://bugs.debian.org/826596
---
include/carefulputc.h | 62 +++++++++++++++++++++++++++++++------------
login-utils/last.c | 4 +--
term-utils/write.c | 25 +++++------------
3 files changed, 53 insertions(+), 38 deletions(-)
diff --git a/include/carefulputc.h b/include/carefulputc.h
index f1c0356..4f74526 100644
--- a/include/carefulputc.h
+++ b/include/carefulputc.h
@@ -1,31 +1,59 @@
#ifndef UTIL_LINUX_CAREFULPUTC_H
#define UTIL_LINUX_CAREFULPUTC_H
-/*
- * A putc() for use in write and wall (that sometimes are sgid tty).
- * It avoids control characters in our locale, and also ASCII control
- * characters. Note that the locale of the recipient is unknown.
-*/
#include <stdio.h>
#include <string.h>
#include <ctype.h>
+#ifdef HAVE_WIDECHAR
+#include <wctype.h>
+#endif
+#include <stdbool.h>
#include "cctype.h"
-static inline int fputc_careful(int c, FILE *fp, const char fail)
+/*
+ * A puts() for use in write and wall (that sometimes are sgid tty).
+ * It avoids control and invalid characters.
+ * The locale of the recipient is nominally unknown,
+ * but it's a solid bet that the encoding is compatible with the author's.
+ */
+static inline int fputs_careful(const char * s, FILE *fp, const char ctrl, bool cr_lf)
{
- int ret;
-
- if (isprint(c) || c == '\a' || c == '\t' || c == '\r' || c == '\n')
- ret = putc(c, fp);
- else if (!c_isascii(c))
- ret = fprintf(fp, "\\%3o", (unsigned char)c);
- else {
- ret = putc(fail, fp);
- if (ret != EOF)
- ret = putc(c ^ 0x40, fp);
+ int ret = 0;
+
+ for (size_t slen = strlen(s); *s; ++s, --slen) {
+ if (*s == '\n')
+ ret = fputs(cr_lf ? "\r\n" : "\n", fp);
+ else if (isprint(*s) || *s == '\a' || *s == '\t' || *s == '\r')
+ ret = putc(*s, fp);
+ else if (!c_isascii(*s)) {
+#ifdef HAVE_WIDECHAR
+ wchar_t w;
+ size_t clen = mbtowc(&w, s, slen);
+ switch(clen) {
+ case (size_t)-2: // incomplete
+ case (size_t)-1: // EILSEQ
+ mbtowc(NULL, NULL, 0);
+ nonprint:
+ ret = fprintf(fp, "\\%3hho", *s);
+ break;
+ default:
+ if(!iswprint(w))
+ goto nonprint;
+ ret = fwrite(s, 1, clen, fp);
+ s += clen - 1;
+ slen -= clen - 1;
+ break;
+ }
+#else
+ ret = fprintf(fp, "\\%3hho", *s);
+#endif
+ } else
+ ret = fputs((char[]){ ctrl, *s ^ 0x40, '\0' }, fp);
+ if (ret < 0)
+ return EOF;
}
- return (ret < 0) ? EOF : 0;
+ return 0;
}
/*
diff --git a/login-utils/last.c b/login-utils/last.c
index 9d71ba4..c5984f1 100644
--- a/login-utils/last.c
+++ b/login-utils/last.c
@@ -395,7 +395,6 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t
char final[512];
char utline[sizeof(p->ut_line) + 1];
char domain[256];
- char *s;
int mins, hours, days;
int r, len;
struct last_timefmt *fmt;
@@ -551,8 +550,7 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t
/*
* Print out "final" string safely.
*/
- for (s = final; *s; s++)
- fputc_careful(*s, stdout, '*');
+ fputs_careful(final, stdout, '*', false);
if (len < 0 || (size_t)len >= sizeof(final))
putchar('\n');
diff --git a/term-utils/write.c b/term-utils/write.c
index 50f18dc..710a58c 100644
--- a/term-utils/write.c
+++ b/term-utils/write.c
@@ -223,21 +223,6 @@ static void signal_handler(int signo)
signal_received = signo;
}
-/*
- * write_line - like fputs(), but makes control characters visible and
- * turns \n into \r\n.
- */
-static void write_line(char *s)
-{
- while (*s) {
- const int c = *s++;
-
- if ((c == '\n' && fputc_careful('\r', stdout, '^') == EOF)
- || fputc_careful(c, stdout, '^') == EOF)
- err(EXIT_FAILURE, _("carefulputc failed"));
- }
-}
-
/*
* do_write - actually make the connection
*/
@@ -247,7 +232,8 @@ static void do_write(const struct write_control *ctl)
struct passwd *pwd;
time_t now;
struct tm *tm;
- char *host, line[512];
+ char *host, *line = NULL;
+ size_t linelen = 0;
struct sigaction sigact;
/* Determine our login name(s) before the we reopen() stdout */
@@ -286,11 +272,14 @@ static void do_write(const struct write_control *ctl)
free(host);
printf("\r\n");
- while (fgets(line, sizeof(line), stdin) != NULL) {
+ while (getline(&line, &linelen, stdin) >= 0) {
if (signal_received)
break;
- write_line(line);
+
+ if (fputs_careful(line, stdout, '^', true) == EOF)
+ err(EXIT_FAILURE, _("carefulputc failed"));
}
+ free(line);
printf("EOF\r\n");
}
--
2.19.1

14
util-linux.spec
View File

@ -2,7 +2,7 @@
Name: util-linux Name: util-linux
Version: 2.35.2 Version: 2.35.2
Release: 15 Release: 16
Summary: A random collection of Linux utilities Summary: A random collection of Linux utilities
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@ -82,6 +82,12 @@ Patch6002: backport-CVE-2021-3995.patch
Patch6003: backport-CVE-2021-3996.patch Patch6003: backport-CVE-2021-3996.patch
Patch6004: backport-prlimit-fix-optional-arguments-parsing.patch Patch6004: backport-prlimit-fix-optional-arguments-parsing.patch
Patch6005: backport-lscpu-use-SMBIOS-tables-on-ARM-for-lscpu.patch Patch6005: backport-lscpu-use-SMBIOS-tables-on-ARM-for-lscpu.patch
Patch6006: backport-wall-add-__format__-attribute.patch
Patch6007: backport-write-correctly-handle-wide-characters.patch
Patch6008: backport-wall-convert-homebrew-buffering-to-open_memstream.patch
Patch6009: backport-wall-use-fputs_careful.patch
Patch6010: backport-CVE-2024-28085.patch
Patch6011: backport-tests-fix-misc-setarch-run-in-a-docker-environment.patch
Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch
Patch9001: modify-rescuemode-chinese-error.patch Patch9001: modify-rescuemode-chinese-error.patch
@ -433,6 +439,12 @@ fi
%{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
%changelog %changelog
* Fri Mar 29 2024 zhangyao<zhangyao108@huawei.com> - 2.35.2-16
- Type:CVE
- CVE:CVE-2024-28085
- SUG:NA
- DESC:fix CVE-2024-28085 and fix setarch test failed
* Tue Mar 19 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.35.2-15 * Tue Mar 19 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.35.2-15
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA