Version 0.3.9.2

CMakeLists.txt

@@ -33,7 +33,7 @@ ENDIF(PREFIX)
 
 SET(VERSION_MAJOR "0")
 SET(VERSION_MINOR "3")
-SET(VERSION_PATCH "9.1")
+SET(VERSION_PATCH "9.2")
 SET(VERSION ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH})
 SET(LICENSE "GPL3")
 SET(PKG_STRING "${PROJECT_NAME} ${VERSION}")

ChangeLog

@@ -1,9 +1,15 @@
 WeeChat ChangeLog
 =================
 Sébastien Helleu <flashcode@flashtux.org>
-v0.3.9.1, 2012-11-09
+v0.3.9.2, 2012-11-18
 
 
+Version 0.3.9.2 (2012-11-18)
+----------------------------
+
+* core: do not call shell to execute command in hook_process (fix security
+  problem when a plugin/script gives untrusted command) (bug #37764)
+
 Version 0.3.9.1 (2012-11-09)
 ----------------------------
 

NEWS

@@ -1,9 +1,15 @@
 WeeChat Release Notes
 =====================
 Sébastien Helleu <flashcode@flashtux.org>
-v0.3.9.1, 2012-11-09
+v0.3.9.2, 2012-11-18
 
 
+Version 0.3.9.2 (2012-11-18)
+----------------------------
+
+This version fixes a security vulnerability when a plugin/script gives untrusted
+command to API function "hook_process".
+
 Version 0.3.9.1 (2012-11-09)
 ----------------------------
 

configure.in

@@ -24,10 +24,10 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.56)
-AC_INIT(WeeChat, 0.3.9.1, flashcode@flashtux.org)
+AC_INIT(WeeChat, 0.3.9.2, flashcode@flashtux.org)
 AC_CONFIG_SRCDIR([src/core/weechat.c])
 AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE([weechat], [0.3.9.1])
+AM_INIT_AUTOMAKE([weechat], [0.3.9.2])
 LICENSE="GPL3"
 
 # Checks for programs

po/cs.po

@@ -18,10 +18,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Jiri Golembiovsky <golemj@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Czech\n"

po/de.po

@@ -21,10 +21,10 @@
 # nils, 2012.
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Nils Görs <weechatter@arcor.de>\n"
 "Language-Team: German <weechatter@arcor.de>\n"
 "Language: \n"

po/es.po

@@ -20,10 +20,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Spanish\n"

po/fr.po

@@ -19,10 +19,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Sebastien Helleu <flashcode@flashtux.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: French\n"

po/hu.po

@@ -18,10 +18,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Hungarian\n"

po/it.po

@@ -18,10 +18,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Marco Paolone <marcopaolone@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Italian\n"

po/ja.po

@@ -18,10 +18,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n"
 "Language-Team: Japanese <https://github.com/l/WeeChat>\n"
 "Language: ja\n"

po/pl.po

@@ -19,10 +19,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Krzysztof Korościk <soltys@szluug.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Polish\n"

po/pt_BR.po

@@ -19,10 +19,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Sergio Durigan Junior <sergiosdj@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Portuguese\n"

po/ru.po

@@ -19,10 +19,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: WeeChat 0.3.9.1\n"
+"Project-Id-Version: WeeChat 0.3.9.2\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
 "POT-Creation-Date: 2012-09-29 09:37+0200\n"
-"PO-Revision-Date: 2012-11-09 18:36+0100\n"
+"PO-Revision-Date: 2012-11-18 10:51+0100\n"
 "Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: Russian\n"

src/core/wee-hook.c

@@ -1387,9 +1387,9 @@ hook_process (struct t_weechat_plugin *plugin,
 void
 hook_process_child (struct t_hook *hook_process)
 {
-    char *exec_args[4] = { "sh", "-c", NULL, NULL };
+    char **exec_args;
     const char *ptr_url;
-    int rc;
+    int rc, i;
 
     /*
      * close stdin, so that process will fail to read stdin (process reading
@@ -1428,10 +1428,24 @@ hook_process_child (struct t_hook *hook_process)
     else
     {
         /* launch command */
-        exec_args[2] = HOOK_PROCESS(hook_process, command);
-        execvp (exec_args[0], exec_args);
+        exec_args = string_split_shell (HOOK_PROCESS(hook_process, command));
+        if (exec_args)
+        {
+            if (weechat_debug_core >= 1)
+            {
+                log_printf ("hook_process, command='%s'",
+                            HOOK_PROCESS(hook_process, command));
+                for (i = 0; exec_args[i]; i++)
+                {
+                    log_printf ("  args[%02d] == '%s'", i, exec_args[i]);
+                }
+            }
+            execvp (exec_args[0], exec_args);
+        }
 
         /* should not be executed if execvp was ok */
+        if (exec_args)
+            string_free_split (exec_args);
         fprintf (stderr, "Error with command '%s'\n",
                  HOOK_PROCESS(hook_process, command));
         rc = EXIT_FAILURE;

src/core/wee-string.c

@@ -1138,6 +1138,196 @@ string_split (const char *string, const char *separators, int keep_eol,
     return array;
 }
 
+/*
+ * string_split_shell: split a string like the shell does for a command with
+ *                     arguments.
+ *                     Note: result must be freed with string_free_split.
+ *                     This function is a C conversion of python class "shlex"
+ *                     (file: Lib/shlex.py in python repository)
+ *                     Doc: http://docs.python.org/3/library/shlex.html
+ *                     Copyrights in shlex.py:
+ *                       Module and documentation by Eric S. Raymond, 21 Dec 1998
+ *                       Input stacking and error message cleanup added by ESR, March 2000
+ *                       push_source() and pop_source() made explicit by ESR, January 2001.
+ *                       Posix compliance, split(), string arguments, and
+ *                       iterator interface by Gustavo Niemeyer, April 2003.
+ */
+
+char **
+string_split_shell (const char *string)
+{
+    int temp_len, num_args, add_char_to_temp, add_temp_to_args, quoted;
+    char *string2, *temp, **args, **args2, state, escapedstate;
+    char *ptr_string, *ptr_next, saved_char;
+
+    if (!string)
+        return NULL;
+
+    string2 = strdup (string);
+    if (!string2)
+        return NULL;
+
+    /*
+     * prepare "args" with one pointer to NULL, the "args" will be reallocated
+     * later, each time a new argument is added
+     */
+    num_args = 0;
+    args = malloc ((num_args + 1) * sizeof (args[0]));
+    if (!args)
+    {
+        free (string2);
+        return NULL;
+    }
+    args[0] = NULL;
+
+    /* prepare a temp string for working (adding chars one by one) */
+    temp = malloc ((2 * strlen (string)) + 1);
+    if (!temp)
+    {
+        free (string2);
+        free (args);
+        return NULL;
+    }
+    temp[0] = '\0';
+    temp_len = 0;
+
+    state = ' ';
+    escapedstate = ' ';
+    quoted = 0;
+    ptr_string = string2;
+    while (ptr_string[0])
+    {
+        add_char_to_temp = 0;
+        add_temp_to_args = 0;
+        ptr_next = utf8_next_char (ptr_string);
+        saved_char = ptr_next[0];
+        ptr_next[0] = '\0';
+        if (state == ' ')
+        {
+            if ((ptr_string[0] == ' ') || (ptr_string[0] == '\t')
+                || (ptr_string[0] == '\r') || (ptr_string[0] == '\n'))
+            {
+                if (temp[0] || quoted)
+                    add_temp_to_args = 1;
+            }
+            else if (ptr_string[0] == '\\')
+            {
+                escapedstate = 'a';
+                state = ptr_string[0];
+            }
+            else if ((ptr_string[0] == '\'') || (ptr_string[0] == '"'))
+            {
+                state = ptr_string[0];
+            }
+            else
+            {
+                add_char_to_temp = 1;
+                state = 'a';
+            }
+        }
+        else if ((state == '\'') || (state == '"'))
+        {
+            quoted = 1;
+            if (ptr_string[0] == state)
+            {
+                state = 'a';
+            }
+            else if ((state == '"') && (ptr_string[0] == '\\'))
+            {
+                escapedstate = state;
+                state = ptr_string[0];
+            }
+            else
+            {
+                add_char_to_temp = 1;
+            }
+        }
+        else if (state == '\\')
+        {
+            if (((escapedstate == '\'') || (escapedstate == '"'))
+                && (ptr_string[0] != state) && (ptr_string[0] != escapedstate))
+            {
+                temp[temp_len] = state;
+                temp_len++;
+                temp[temp_len] = '\0';
+            }
+            add_char_to_temp = 1;
+            state = escapedstate;
+        }
+        else if (state == 'a')
+        {
+            if ((ptr_string[0] == ' ') || (ptr_string[0] == '\t')
+                || (ptr_string[0] == '\r') || (ptr_string[0] == '\n'))
+            {
+                state = ' ';
+                if (temp[0] || quoted)
+                    add_temp_to_args = 1;
+            }
+            else if (ptr_string[0] == '\\')
+            {
+                escapedstate = 'a';
+                state = ptr_string[0];
+            }
+            else if ((ptr_string[0] == '\'') || (ptr_string[0] == '"'))
+            {
+                state = ptr_string[0];
+            }
+            else
+            {
+                add_char_to_temp = 1;
+            }
+        }
+        if (add_char_to_temp)
+        {
+            memcpy (temp + temp_len, ptr_string, ptr_next - ptr_string);
+            temp_len += (ptr_next - ptr_string);
+            temp[temp_len] = '\0';
+        }
+        if (add_temp_to_args)
+        {
+            num_args++;
+            args2 = realloc (args, (num_args + 1) * sizeof (args[0]));
+            if (!args2)
+            {
+                free (string2);
+                free (temp);
+                return args;
+            }
+            args = args2;
+            args[num_args - 1] = strdup (temp);
+            args[num_args] = NULL;
+            temp[0] = '\0';
+            temp_len = 0;
+            escapedstate = ' ';
+            quoted = 0;
+        }
+        ptr_next[0] = saved_char;
+        ptr_string = ptr_next;
+    }
+
+    if (temp[0] || (state != ' '))
+    {
+        num_args++;
+        args2 = realloc (args, (num_args + 1) * sizeof (args[0]));
+        if (!args2)
+        {
+            free (string2);
+            free (temp);
+            return args;
+        }
+        args = args2;
+        args[num_args - 1] = strdup (temp);
+        args[num_args] = NULL;
+        temp[0] = '\0';
+        temp_len = 0;
+    }
+
+    free (string2);
+    free (temp);
+
+    return args;
+}
+
 /*
  * string_free_split: free a split string
  */

src/core/wee-string.h

@@ -59,6 +59,7 @@ extern int string_has_highlight_regex_compiled (const char *string,
 extern int string_has_highlight_regex (const char *string, const char *regex);
 extern char **string_split (const char *string, const char *separators,
                             int keep_eol, int num_items_max, int *num_items);
+extern char **string_split_shell (const char *string);
 extern void string_free_split (char **split_string);
 extern char *string_build_with_split_string (const char **split_string,
                                              const char *separator);

weechat.spec

@@ -23,7 +23,7 @@
 #
 
 %define name weechat
-%define version 0.3.9.1
+%define version 0.3.9.2
 %define release 1
 
 Name:      %{name}
@@ -73,6 +73,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_includedir}/%{name}/weechat-plugin.h
 
 %changelog
+* Sun Nov 18 2012 Sebastien Helleu <flashcode@flashtux.org> 0.3.9.2-1
+- Released version 0.3.9.2
 * Fri Nov 09 2012 Sebastien Helleu <flashcode@flashtux.org> 0.3.9.1-1
 - Released version 0.3.9.1
 * Sat Sep 29 2012 Sebastien Helleu <flashcode@flashtux.org> 0.3.9-1