From 3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org>
Date: Tue, 7 Mar 2023 18:25:37 +0100
Subject: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
|
|
|
|
A crafted mailto URI could contain unescaped double-quote
characters, allowing injection of Elisp code. Therefore, any
'\' and '"' characters are replaced by '\\' and '\"', using Bash
pattern substitution (which is not available in the POSIX shell).
|
|
|
|
We want to pass literal 'u=${1//\\/\\\\}; u=${u//\"/\\\"};' in the
bash -c command, but in the desktop entry '"', '$', and '\' must
be escaped as '\\"', '\\$', and '\\\\', respectively (backslashes
are expanded twice, see the Desktop Entry Specification).
|
|
|
|
Reported by Gabriel Corona <gabriel.corona@free.fr>.
|
|
|
|
* etc/emacsclient-mail.desktop (Exec): Escape backslash and
double-quote characters.
---
etc/emacsclient-mail.desktop | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/etc/emacsclient-mail.desktop b/etc/emacsclient-mail.desktop
index 91df122..49c6f99 100644
--- a/etc/emacsclient-mail.desktop
+++ b/etc/emacsclient-mail.desktop
@@ -1,7 +1,10 @@
[Desktop Entry]
Categories=Network;Email;
Comment=GNU Emacs is an extensible, customizable text editor - and more
-Exec=sh -c "exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
+# We want to pass the following commands to the shell wrapper:
+# u=${1//\\/\\\\}; u=${u//\"/\\\"}; exec emacsclient --alternate-editor= --display="$DISPLAY" --eval "(message-mailto \"$u\")"
+# Special chars '"', '$', and '\' must be escaped as '\\"', '\\$', and '\\\\'.
+Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --display=\\"\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u
Icon=emacs
Name=Emacs (Mail, Client)
MimeType=x-scheme-handler/mailto;
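Review bot: The new `+Exec=bash -c` line applies the backslash substitution before the double-quote substitution, and that order is load-bearing — doing the `\"` pass first would let the backslash-doubling pass also double the backslashes it had just inserted — yet neither the three comment lines above it nor the commit message says so. I would extend the comment block with `# Order matters: escape backslashes first, otherwise the backslash inserted before each '"' would itself be doubled.` It would also help a later maintainer to record why these two characters are enough, e.g. `# Backslash and '"' are the only characters the Elisp reader treats specially inside a string literal, so doubling them makes $u safe to splice into (message-mailto \"...\")`. The same construct, without any comment, is repeated in the `[Desktop Action new-window]` hunk below.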
@@ -13,7 +16,7 @@ Actions=new-window;new-instance;
|
|
|
|
[Desktop Action new-window]
Name=New Window
-Exec=sh -c "exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
+Exec=bash -c "u=\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=\\${u//\\\\\\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor= --create-frame --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u
|
|
|
|
[Desktop Action new-instance]
Name=New Instance
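Review bot: The new-window `+Exec` repeats the sanitising `u=${1//...}; u=${u//...}` prefix byte for byte but carries none of the explanation given above the top-level Exec, so a future edit to one line is easy to apply without the other. A one-line pointer directly above it, `# Same quoting and escaping as the top-level Exec; keep the two in sync.`, would make the coupling visible. The `[Desktop Action new-instance]` entry's Exec lies outside this hunk, so whether it also splices `%u` into an `--eval` form and needs the same treatment cannot be confirmed from here.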
--