mirror of https://github.com/openSUSE/osc.git synced 2025-02-24 19:22:13 +01:00

Merge pull request #1382 from andreas-schwab/master

print_buildlog: Remove control characters from build log before printing (CVE-2012-1095)
Daniel Mach 2023-08-15 15:04:07 +02:00 committed by GitHub
commit bf4b847f2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -6955,8 +6955,11 @@ def print_buildlog(
def print_data(data, strip_time=False): def print_data(data, strip_time=False):
if strip_time: if strip_time:
data = buildlog_strip_time(data) data = buildlog_strip_time(data)
output_buffer.write(data) output_buffer.write(data.translate(all_bytes, remove_bytes))
# to protect us against control characters (CVE-2012-1095)
all_bytes = bytes.maketrans(b'', b'')
remove_bytes = all_bytes[:8] + all_bytes[14:32] # accept tabs and newlines
query = {'nostream': '1', 'start': '%s' % offset} query = {'nostream': '1', 'start': '%s' % offset}
if last: if last:
query['last'] = 1 query['last'] = 1
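Review bot: The strip set in `remove_bytes` lets through more than its comment says: `all_bytes[:8] + all_bytes[14:32]` removes 0x00–0x07 and 0x0e–0x1f, so backspace (0x08), vertical tab, form feed and carriage return are still written to the terminal along with tab and newline, and DEL (0x7f) is untouched. Backspace and carriage return let log content overwrite text already shown on the line, which is the kind of display tampering this filter is meant to stop. If only tab and newline are intended, use `remove_bytes = all_bytes[:9] + all_bytes[11:32] + all_bytes[127:128]`; if carriage return has to stay for build tools that emit it, say so in the comment, e.g. `# keep \t, \n and \r; strip all other C0 controls and DEL`. The body of print_buildlog begins and continues outside this hunk, so whether other write paths bypass print_data cannot be checked from here.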