Version 0.3.9.2

CMakeLists.txt

@@ -33,7 +33,7 @@ ENDIF(PREFIX)
 
 SET(VERSION_MAJOR "0")
 SET(VERSION_MINOR "3")
-SET(VERSION_PATCH "9")
+SET(VERSION_PATCH "9.2")
 SET(VERSION ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH})
 SET(LICENSE "GPL3")
 SET(PKG_STRING "${PROJECT_NAME} ${VERSION}")

ChangeLog

@@ -1,9 +1,20 @@
 WeeChat ChangeLog
 =================
 Sébastien Helleu <flashcode@flashtux.org>
-v0.3.9, 2012-09-29
+v0.3.9.2, 2012-11-18
 
 
+Version 0.3.9.2 (2012-11-18)
+----------------------------
+
+* core: do not call shell to execute command in hook_process (fix security
+  problem when a plugin/script gives untrusted command) (bug #37764)
+
+Version 0.3.9.1 (2012-11-09)
+----------------------------
+
+* irc: fix crash when decoding IRC colors in strings (bug #37704)
+
 Version 0.3.9 (2012-09-29)
 --------------------------
 

NEWS

@@ -1,9 +1,20 @@
 WeeChat Release Notes
 =====================
 Sébastien Helleu <flashcode@flashtux.org>
-v0.3.9, 2012-09-29
+v0.3.9.2, 2012-11-18
 
 
+Version 0.3.9.2 (2012-11-18)
+----------------------------
+
+This version fixes a security vulnerability when a plugin/script gives untrusted
+command to API function "hook_process".
+
+Version 0.3.9.1 (2012-11-09)
+----------------------------
+
+This version fixes crash when decoding IRC colors in strings.
+
 Version 0.3.9 (2012-09-29)
 --------------------------
 

configure.in

@@ -24,10 +24,10 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.56)
-AC_INIT(WeeChat, 0.3.9, flashcode@flashtux.org)
+AC_INIT(WeeChat, 0.3.9.2, flashcode@flashtux.org)
 AC_CONFIG_SRCDIR([src/core/weechat.c])
 AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE([weechat], [0.3.9])
+AM_INIT_AUTOMAKE([weechat], [0.3.9.2])
 LICENSE="GPL3"
 
 # Checks for programs

po/cs.po

@@ -18,10 +18,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:23+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Jiri Golembiovsky <golemj@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Czech\n"

po/de.po

@@ -21,10 +21,10 @@
 # nils, 2012.
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:24+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Nils Görs <weechatter@arcor.de>\n"
 "Language-Team: German <weechatter@arcor.de>\n"
 "Language: \n"

po/es.po

@@ -20,10 +20,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:24+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Spanish\n"

po/fr.po

@@ -19,10 +19,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:24+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Sebastien Helleu <flashcode@flashtux.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: French\n"

po/hu.po

@@ -18,10 +18,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:24+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Hungarian\n"

po/it.po

@@ -18,10 +18,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:25+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Marco Paolone <marcopaolone@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Italian\n"

po/ja.po

@@ -18,10 +18,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:25+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n"
 "Language-Team: Japanese <https://github.com/l/WeeChat>\n"
 "Language: ja\n"

po/pl.po

@@ -19,10 +19,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:25+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Krzysztof Korościk <soltys@szluug.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Polish\n"

po/pt_BR.po

@@ -19,10 +19,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:25+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Sergio Durigan Junior <sergiosdj@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Portuguese\n"

po/ru.po

@@ -19,10 +19,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-09-29 09:25+0200\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Russian\n"

src/core/wee-hook.c

@@ -1387,9 +1387,9 @@ hook_process (struct t_weechat_plugin *plugin,
 void
 hook_process_child (struct t_hook *hook_process)
 {
-    char *exec_args[4] = { "sh", "-c", NULL, NULL };
+    char **exec_args;
     const char *ptr_url;
-    int rc;
+    int rc, i;
 
     /*
      * close stdin, so that process will fail to read stdin (process reading
@@ -1428,10 +1428,24 @@ hook_process_child (struct t_hook *hook_process)
     else
     {
         /* launch command */
-        exec_args[2] = HOOK_PROCESS(hook_process, command);
-        execvp (exec_args[0], exec_args);
+        exec_args = string_split_shell (HOOK_PROCESS(hook_process, command));
+        if (exec_args)
+        {
+            if (weechat_debug_core >= 1)
+            {
+                log_printf ("hook_process, command='%s'",
+                            HOOK_PROCESS(hook_process, command));
+                for (i = 0; exec_args[i]; i++)
+                {
+                    log_printf ("  args[%02d] == '%s'", i, exec_args[i]);
+                }
+            }
+            execvp (exec_args[0], exec_args);
+        }
 
         /* should not be executed if execvp was ok */
+        if (exec_args)
+            string_free_split (exec_args);
         fprintf (stderr, "Error with command '%s'\n",
                  HOOK_PROCESS(hook_process, command));
         rc = EXIT_FAILURE;

src/core/wee-string.c

@@ -1138,6 +1138,196 @@ string_split (const char *string, const char *separators, int keep_eol,
     return array;
 }
 
+/*
+ * string_split_shell: split a string like the shell does for a command with
+ *                     arguments.
+ *                     Note: result must be freed with string_free_split.
+ *                     This function is a C conversion of python class "shlex"
+ *                     (file: Lib/shlex.py in python repository)
+ *                     Doc: http://docs.python.org/3/library/shlex.html
+ *                     Copyrights in shlex.py:
+ *                       Module and documentation by Eric S. Raymond, 21 Dec 1998
+ *                       Input stacking and error message cleanup added by ESR, March 2000
+ *                       push_source() and pop_source() made explicit by ESR, January 2001.
+ *                       Posix compliance, split(), string arguments, and
+ *                       iterator interface by Gustavo Niemeyer, April 2003.
+ */
+
+char **
+string_split_shell (const char *string)
+{
+    int temp_len, num_args, add_char_to_temp, add_temp_to_args, quoted;
+    char *string2, *temp, **args, **args2, state, escapedstate;
+    char *ptr_string, *ptr_next, saved_char;
+
+    if (!string)
+        return NULL;
+
+    string2 = strdup (string);
+    if (!string2)
+        return NULL;
+
+    /*
+     * prepare "args" with one pointer to NULL, the "args" will be reallocated
+     * later, each time a new argument is added
+     */
+    num_args = 0;
+    args = malloc ((num_args + 1) * sizeof (args[0]));
+    if (!args)
+    {
+        free (string2);
+        return NULL;
+    }
+    args[0] = NULL;
+
+    /* prepare a temp string for working (adding chars one by one) */
+    temp = malloc ((2 * strlen (string)) + 1);
+    if (!temp)
+    {
+        free (string2);
+        free (args);
+        return NULL;
+    }
+    temp[0] = '\0';
+    temp_len = 0;
+
+    state = ' ';
+    escapedstate = ' ';
+    quoted = 0;
+    ptr_string = string2;
+    while (ptr_string[0])
+    {
+        add_char_to_temp = 0;
+        add_temp_to_args = 0;
+        ptr_next = utf8_next_char (ptr_string);
+        saved_char = ptr_next[0];
+        ptr_next[0] = '\0';
+        if (state == ' ')
+        {
+            if ((ptr_string[0] == ' ') || (ptr_string[0] == '\t')
+                || (ptr_string[0] == '\r') || (ptr_string[0] == '\n'))
+            {
+                if (temp[0] || quoted)
+                    add_temp_to_args = 1;
+            }
+            else if (ptr_string[0] == '\\')
+            {
+                escapedstate = 'a';
+                state = ptr_string[0];
+            }
+            else if ((ptr_string[0] == '\'') || (ptr_string[0] == '"'))
+            {
+                state = ptr_string[0];
+            }
+            else
+            {
+                add_char_to_temp = 1;
+                state = 'a';
+            }
+        }
+        else if ((state == '\'') || (state == '"'))
+        {
+            quoted = 1;
+            if (ptr_string[0] == state)
+            {
+                state = 'a';
+            }
+            else if ((state == '"') && (ptr_string[0] == '\\'))
+            {
+                escapedstate = state;
+                state = ptr_string[0];
+            }
+            else
+            {
+                add_char_to_temp = 1;
+            }
+        }
+        else if (state == '\\')
+        {
+            if (((escapedstate == '\'') || (escapedstate == '"'))
+                && (ptr_string[0] != state) && (ptr_string[0] != escapedstate))
+            {
+                temp[temp_len] = state;
+                temp_len++;
+                temp[temp_len] = '\0';
+            }
+            add_char_to_temp = 1;
+            state = escapedstate;
+        }
+        else if (state == 'a')
+        {
+            if ((ptr_string[0] == ' ') || (ptr_string[0] == '\t')
+                || (ptr_string[0] == '\r') || (ptr_string[0] == '\n'))
+            {
+                state = ' ';
+                if (temp[0] || quoted)
+                    add_temp_to_args = 1;
+            }
+            else if (ptr_string[0] == '\\')
+            {
+                escapedstate = 'a';
+                state = ptr_string[0];
+            }
+            else if ((ptr_string[0] == '\'') || (ptr_string[0] == '"'))
+            {
+                state = ptr_string[0];
+            }
+            else
+            {
+                add_char_to_temp = 1;
+            }
+        }
+        if (add_char_to_temp)
+        {
+            memcpy (temp + temp_len, ptr_string, ptr_next - ptr_string);
+            temp_len += (ptr_next - ptr_string);
+            temp[temp_len] = '\0';
+        }
+        if (add_temp_to_args)
+        {
+            num_args++;
+            args2 = realloc (args, (num_args + 1) * sizeof (args[0]));
+            if (!args2)
+            {
+                free (string2);
+                free (temp);
+                return args;
+            }
+            args = args2;
+            args[num_args - 1] = strdup (temp);
+            args[num_args] = NULL;
+            temp[0] = '\0';
+            temp_len = 0;
+            escapedstate = ' ';
+            quoted = 0;
+        }
+        ptr_next[0] = saved_char;
+        ptr_string = ptr_next;
+    }
+
+    if (temp[0] || (state != ' '))
+    {
+        num_args++;
+        args2 = realloc (args, (num_args + 1) * sizeof (args[0]));
+        if (!args2)
+        {
+            free (string2);
+            free (temp);
+            return args;
+        }
+        args = args2;
+        args[num_args - 1] = strdup (temp);
+        args[num_args] = NULL;
+        temp[0] = '\0';
+        temp_len = 0;
+    }
+
+    free (string2);
+    free (temp);
+
+    return args;
+}
+
 /*
  * string_free_split: free a split string
  */

src/core/wee-string.h

@@ -59,6 +59,7 @@ extern int string_has_highlight_regex_compiled (const char *string,
 extern int string_has_highlight_regex (const char *string, const char *regex);
 extern char **string_split (const char *string, const char *separators,
                             int keep_eol, int num_items_max, int *num_items);
+extern char **string_split_shell (const char *string);
 extern void string_free_split (char **split_string);
 extern char *string_build_with_split_string (const char **split_string,
                                              const char *separator);

src/plugins/irc/irc-color.c

@@ -62,13 +62,15 @@ char *irc_color_to_weechat[IRC_NUM_COLORS] =
 char *
 irc_color_decode (const char *string, int keep_colors)
 {
-    unsigned char *out, *ptr_string;
-    int out_length, length, out_pos;
-    char str_fg[3], str_bg[3], str_color[128], str_key[128];
+    unsigned char *out, *out2, *ptr_string;
+    int out_length, length, out_pos, length_to_add;
+    char str_fg[3], str_bg[3], str_color[128], str_key[128], str_to_add[128];
     const char *remapped_color;
     int fg, bg, bold, reverse, italic, underline, rc;
 
     out_length = (strlen (string) * 2) + 1;
+    if (out_length < 128)
+        out_length = 128;
     out = malloc (out_length);
     if (!out)
         return NULL;
@@ -80,20 +82,27 @@ irc_color_decode (const char *string, int keep_colors)
 
     ptr_string = (unsigned char *)string;
     out[0] = '\0';
+    out_pos = 0;
     while (ptr_string && ptr_string[0])
     {
+        str_to_add[0] = '\0';
         switch (ptr_string[0])
         {
             case IRC_COLOR_BOLD_CHAR:
                 if (keep_colors)
-                    strcat ((char *)out,
-                            weechat_color((bold) ? "-bold" : "bold"));
+                {
+                    snprintf (str_to_add, sizeof (str_to_add), "%s",
+                              weechat_color ((bold) ? "-bold" : "bold"));
+                }
                 bold ^= 1;
                 ptr_string++;
                 break;
             case IRC_COLOR_RESET_CHAR:
                 if (keep_colors)
-                    strcat ((char *)out, weechat_color("reset"));
+                {
+                    snprintf (str_to_add, sizeof (str_to_add), "%s",
+                              weechat_color ("reset"));
+                }
                 bold = 0;
                 reverse = 0;
                 italic = 0;
@@ -106,22 +115,28 @@ irc_color_decode (const char *string, int keep_colors)
             case IRC_COLOR_REVERSE_CHAR:
             case IRC_COLOR_REVERSE2_CHAR:
                 if (keep_colors)
-                    strcat ((char *)out,
-                            weechat_color((reverse) ? "-reverse" : "reverse"));
+                {
+                    snprintf (str_to_add, sizeof (str_to_add), "%s",
+                              weechat_color ((reverse) ? "-reverse" : "reverse"));
+                }
                 reverse ^= 1;
                 ptr_string++;
                 break;
             case IRC_COLOR_ITALIC_CHAR:
                 if (keep_colors)
-                    strcat ((char *)out,
-                            weechat_color((italic) ? "-italic" : "italic"));
+                {
+                    snprintf (str_to_add, sizeof (str_to_add), "%s",
+                              weechat_color ((italic) ? "-italic" : "italic"));
+                }
                 italic ^= 1;
                 ptr_string++;
                 break;
             case IRC_COLOR_UNDERLINE_CHAR:
                 if (keep_colors)
-                    strcat ((char *)out,
-                            weechat_color((underline) ? "-underline" : "underline"));
+                {
+                    snprintf (str_to_add, sizeof (str_to_add), "%s",
+                              weechat_color ((underline) ? "-underline" : "underline"));
+                }
                 underline ^= 1;
                 ptr_string++;
                 break;
@@ -194,22 +209,39 @@ irc_color_decode (const char *string, int keep_colors)
                                       (bg >= 0) ? "," : "",
                                       (bg >= 0) ? irc_color_to_weechat[bg] : "");
                         }
-                        strcat ((char *)out, weechat_color(str_color));
+                        snprintf (str_to_add, sizeof (str_to_add), "%s",
+                                  weechat_color (str_color));
                     }
                     else
-                        strcat ((char *)out, weechat_color("resetcolor"));
+                    {
+                        snprintf (str_to_add, sizeof (str_to_add), "%s",
+                                  weechat_color ("resetcolor"));
+                    }
                 }
                 break;
             default:
                 length = weechat_utf8_char_size ((char *)ptr_string);
                 if (length == 0)
                     length = 1;
-                out_pos = strlen ((char *)out);
-                memcpy (out + out_pos, ptr_string, length);
-                out[out_pos + length] = '\0';
+                memcpy (str_to_add, ptr_string, length);
+                str_to_add[length] = '\0';
                 ptr_string += length;
                 break;
         }
+        if (str_to_add[0])
+        {
+            length_to_add = strlen (str_to_add);
+            if (out_pos + length_to_add >= out_length)
+            {
+                out_length *= 2;
+                out2 = realloc (out, out_length);
+                if (!out2)
+                    return (char *)out;
+                out = out2;
+            }
+            memcpy (out + out_pos, str_to_add, length_to_add + 1);
+            out_pos += length_to_add;
+        }
     }
 
     return (char *)out;

weechat.spec

@@ -23,7 +23,7 @@
 #
 
 %define name weechat
-%define version 0.3.9
+%define version 0.3.9.2
 %define release 1
 
 Name:      %{name}
@@ -73,6 +73,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_includedir}/%{name}/weechat-plugin.h
 
 %changelog
+* Sun Nov 18 2012 Sebastien Helleu <flashcode@flashtux.org> 0.3.9.2-1
+- Released version 0.3.9.2
+* Fri Nov 09 2012 Sebastien Helleu <flashcode@flashtux.org> 0.3.9.1-1
+- Released version 0.3.9.1
 * Sat Sep 29 2012 Sebastien Helleu <flashcode@flashtux.org> 0.3.9-1
 - Released version 0.3.9
 * Sun Jun 03 2012 Sebastien Helleu <flashcode@flashtux.org> 0.3.8-1