File CVE-2025-1244.patch of Package emacs.37474
From 820f0793f0b46448928905552726c1f1b999062f Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Tue, 10 Oct 2023 22:20:05 +0800
Subject: Fix man.el shell injection vulnerability
* lisp/man.el (Man-translate-references): Fix shell injection
vulnerability. (Bug#66390)
* test/lisp/man-tests.el (man-tests-Man-translate-references): New
test.
---
lisp/man.el | 6 +++++-
test/lisp/man-tests.el | 12 ++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/lisp/man.el b/lisp/man.el
index 55cb938..d963964 100644
--- a/lisp/man.el
+++ b/lisp/man.el
@@ -667,7 +667,11 @@ and the `Man-section-translations-alist' variables)."
(setq name (match-string 2 ref)
section (match-string 1 ref))))
(if (string= name "")
- ref ; Return the reference as is
+ ;; see Bug#66390
+ (mapconcat 'identity
+ (mapcar #'shell-quote-argument
+ (split-string ref "\\s-+"))
+ " ") ; Return the reference as is
(if Man-downcase-section-letters-flag
(setq section (downcase section)))
(while slist
!diff --git a/test/lisp/man-tests.el b/test/lisp/man-tests.el
!index 140482e..11f5f80 100644
!--- a/test/lisp/man-tests.el
!+++ b/test/lisp/man-tests.el
!@@ -161,6 +161,18 @@ DESCRIPTION
! (let ((button (button-at (match-beginning 0))))
! (should (and button (eq 'Man-xref-header-file (button-type button))))))))))
!
!+(ert-deftest man-tests-Man-translate-references ()
!+ (should (equal (Man-translate-references "basename")
!+ "basename"))
!+ (should (equal (Man-translate-references "basename(3)")
!+ "3 basename"))
!+ (should (equal (Man-translate-references "basename(3v)")
!+ "3v basename"))
!+ (should (equal (Man-translate-references ";id")
!+ "\\;id"))
!+ (should (equal (Man-translate-references "-k basename")
!+ "-k basename")))
!+
! (provide 'man-tests)
!
! ;;; man-tests.el ends here
--
cgit v1.1
