From 820f0793f0b46448928905552726c1f1b999062f Mon Sep 17 00:00:00 2001
From: Xi Lu
Date: Tue, 10 Oct 2023 22:20:05 +0800
Subject: [PATCH] Fix man.el shell injection vulnerability
* lisp/man.el (Man-translate-references): Fix shell injection vulnerability. (Bug#66390)
* test/lisp/man-tests.el (man-tests-Man-translate-references): New test.
---
 lisp/man.el | 6 +++++-
 test/lisp/man-tests.el | 12 ++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/lisp/man.el b/lisp/man.el
index 55cb9383bec..d96396483d3 100644
--- a/lisp/man.el
+++ b/lisp/man.el
@@ -761,7 +761,11 @@ and the `Man-section-translations-alist' variables)."
 (setq name (match-string 2 ref)
 section (match-string 1 ref))))
 (if (string= name "")
- ref ; Return the reference as is
+ ;; see Bug#66390
+ (mapconcat 'identity
+ (mapcar #'shell-quote-argument
+ (split-string ref "\\s-+"))
+ " ") ; Return the reference as is
 (if Man-downcase-section-letters-flag
 (setq section (downcase section)))
 (while slist
diff --git a/test/lisp/man-tests.el b/test/lisp/man-tests.el
index 140482ee622..11f5f805e43 100644
--- a/test/lisp/man-tests.el
+++ b/test/lisp/man-tests.el
@@ -161,6 +161,18 @@ DESCRIPTION
 (let ((button (button-at (match-beginning 0))))
 (should (and button (eq 'Man-xref-header-file (button-type button))))))))))
+(ert-deftest man-tests-Man-translate-references ()
+ (should (equal (Man-translate-references "basename")
+ "basename"))
+ (should (equal (Man-translate-references "basename(3)")
+ "3 basename"))
+ (should (equal (Man-translate-references "basename(3v)")
+ "3v basename"))
+ (should (equal (Man-translate-references ";id")
+ "\\;id"))
+ (should (equal (Man-translate-references "-k basename")
+ "-k basename")))
+
 (provide 'man-tests)
 ;;; man-tests.el ends here
--
2.39.2
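Review bot: In the new branch of `Man-translate-references`, `(split-string ref "\\s-+")` is called without OMIT-NULLS, so a reference with leading or trailing whitespace yields empty strings that `shell-quote-argument` turns into `''` on POSIX shells, and man would then receive an empty argument. Dropping the nulls and letting `mapconcat` apply the quoting directly avoids that and the extra `mapcar`: `(mapconcat #'shell-quote-argument (split-string ref "\\s-+" t) " ")`. The trailing comment `; Return the reference as is` no longer matches what the branch does, and `;; see Bug#66390` says little; `;; Quote each word so shell metacharacters in REF are inert (Bug#66390).` would be clearer. Quoting per word still lets a word beginning with `-` through as a man option (the new test expects `-k basename` unchanged), which looks deliberate but deserves a comment saying so. The function starts and ends outside this hunk.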
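Review bot: The expected value `"\\;id"` in `man-tests-Man-translate-references` hard-codes the backslash form that `shell-quote-argument` produces for POSIX shells, so the assertion presumably fails where Emacs quotes for a DOS/Windows shell; comparing against `(shell-quote-argument ";id")` or adding a `skip-unless` on `system-type` would keep it portable. Only one metacharacter is exercised, so cases for backquotes, `$(...)`, quote characters and leading or trailing whitespace in the reference would pin the quoting more firmly. A one-line docstring naming Bug#66390 would tell the next reader why the `;id` case exists.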