[Pkg-libvirt-commits] [libguestfs] 33/116: daemon: strings: Use -a option to avoid using BFD to parse files.

Hilko Bengen bengen at moszumanska.debian.org
Wed Nov 26 22:04:53 UTC 2014 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag debian/1%1.29.10-1
in repository libguestfs.

commit f27e2426491efab7904c2863a8a443416babc571
Author: Richard W.M. Jones <rjones at redhat.com>
Date:   Wed Nov 5 14:33:39 2014 +0000

    daemon: strings: Use -a option to avoid using BFD to parse files.
    
    Avoids hitting CVE-2014-8484 and CVE-2014-8485 and similar problems
    with BFD parsing on untrusted files.
---
 daemon/strings.c     |  2 +-
 generator/actions.ml | 12 ++++++------
 src/guestfs.pod      |  4 ++--
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/daemon/strings.c b/daemon/strings.c
index 332cba7..6e81b9e 100644
--- a/daemon/strings.c
+++ b/daemon/strings.c
@@ -50,7 +50,7 @@ do_strings_e (const char *encoding, const char *path)
   }
 
   flags = COMMAND_FLAG_CHROOT_COPY_FILE_TO_STDIN | fd;
-  r = commandf (&out, &err, flags, "strings", "-e", encoding, NULL);
+  r = commandf (&out, &err, flags, "strings", "-a", "-e", encoding, NULL);
   if (r == -1) {
     reply_with_error ("%s: %s", path, err);
     return NULL;
diff --git a/generator/actions.ml b/generator/actions.ml
index 83f4734..a01d3e4 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -5366,9 +5366,9 @@ The external L<cmp(1)> program is used for the comparison." };
 This runs the L<strings(1)> command on a file and returns
 the list of printable strings found.
 
-B<Use this API with caution.>  In particular, it's generally not
-a good idea to use it on untrusted files.  For more information
-see L<guestfs(3)/CVE-2014-8484>." };
+The C<strings> command has, in the past, had problems with
+parsing untrusted files.  These are mitigated in the current
+version of libguestfs, but see L<guestfs(3)/CVE-2014-8484>." };
 
   { defaults with
     name = "strings_e";
@@ -5425,9 +5425,9 @@ This is useful for examining binaries in Windows guests.
 
 The returned strings are transcoded to UTF-8.
 
-B<Use this API with caution.>  In particular, it's generally not
-a good idea to use it on untrusted files.  For more information
-see L<guestfs(3)/CVE-2014-8484>." };
+The C<strings> command has, in the past, had problems with
+parsing untrusted files.  These are mitigated in the current
+version of libguestfs, but see L<guestfs(3)/CVE-2014-8484>." };
 
   { defaults with
     name = "hexdump";
diff --git a/src/guestfs.pod b/src/guestfs.pod
index 2775864..949ff7a 100644
--- a/src/guestfs.pod
+++ b/src/guestfs.pod
@@ -2216,8 +2216,8 @@ thus the L</guestfs_strings> and L</guestfs_strings_e> APIs in
 libguestfs.  Running strings on an untrusted file could cause
 arbitrary code execution (confined to the libguestfs appliance).
 
-There are thought to be many similar bugs in binutils, so even if
-these two bugs are fixed, avoid using these two libguestfs APIs.
+In libguestfs E<ge> 1.29.5 and E<ge> 1.28.3, libguestfs uses the
+C<strings> I<-a> option to avoid BFD parsing on the file.
 
 =head1 CONNECTION MANAGEMENT
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libguestfs.git

More information about the Pkg-libvirt-commits mailing list