From b4daf3b0fd8f8efd95141f6375003e26b822da36 Mon Sep 17 00:00:00 2001 
From: wlemb Date: Mon, 13 Nov 2000 16:51:26 +0000 Subject: For security reasons, don't use the current directory but the home directory while searching and scanning troffrc and troffrc-end. Similarly, replace the current directory with the home directory in the font path. * Makefile.in (fontpath, tmacpath): Remove current directory. * src/libs/libgroff/searchpath.cc (search_path::search_path): Add two parameters `add_home' and `add_current'. (search_path::~search_path, search_path::command_line_dir, search_path::open_file): Remove tests for `dirs' being zero. * src/include/searchpath.h: Adjust. * src/libs/libgroff/macropath.cc, src/include/macropath.h: Add `safer_macro_path'. * src/libs/libgroff/fontfile.cc: Adjust `font_path'. * src/roff/troff/troff.h: Add `searchpath.h' and `mac_path'. * src/roff/troff/input.cc: Use `mac_path', initialized with `macro_path'. (process_startup_file): Set `mac_path' to `safer_macro_path'. * src/roff/troff/env.cc: Use `mac_path'. * src/preproc/eqn/main.cc (main): Use `safer_macro_path'. * NEWS, man/roff.man, src/roff/troff/troff.man, src/rof/groff/groff.man, tmac/groff_tmac.man, arch/djgpp/README: Updated. * src/include/lib.h: Don't include groff-getopt.h for OSF/1. * aclocal.m4 (GROFF_SYS_ERRLIST): Do test in C, not in C++. * configure.in: Fix typo in comment. * configure: Regenerated. * src/libgroff/*, src/include/*, src/roff/troff/*: Fixing copyright dates. --- src/roff/groff/groff.man | 6 ++++++ src/roff/troff/column.cc | 2 +- src/roff/troff/div.cc | 2 +- src/roff/troff/env.cc | 5 ++--- src/roff/troff/env.h | 2 +- src/roff/troff/input.cc | 20 ++++++++++++-------- src/roff/troff/node.cc | 2 +- src/roff/troff/node.h | 2 +- src/roff/troff/reg.cc | 2 +- src/roff/troff/reg.h | 2 +- src/roff/troff/request.h | 2 +- src/roff/troff/troff.h | 5 ++++- src/roff/troff/troff.man | 49 ++++++++++++++++++++++++++++++------------------ 13 files changed, 63 insertions(+), 38 deletions(-) (limited to 'src/roff') 
diff --git a/src/roff/groff/groff.man b/src/roff/groff/groff.man index 16bc7ef4..8fa2377a 100644 --- a/src/roff/groff/groff.man +++ b/src/roff/groff/groff.man @@ -347,6 +347,9 @@ and .B GROFF_TMAC_PATH A colon separated list of directories in which to search for macro files in addition to the default directories. +See +.BR troff (1) +for more details. .TP .SM .B GROFF_TYPESETTER @@ -357,6 +360,9 @@ Default device. A colon separated list of directories in which to search for the .BI dev name directory in addition to the default one. +See +.BR troff (1) +for more details. .TP .SM .B GROFF_BIN_PATH diff --git a/src/roff/troff/column.cc b/src/roff/troff/column.cc index 096f3811..8d6a6ebe 100644 --- a/src/roff/troff/column.cc +++ b/src/roff/troff/column.cc @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. diff --git a/src/roff/troff/div.cc b/src/roff/troff/div.cc index 8566cd0f..01ee2c61 100644 --- a/src/roff/troff/div.cc +++ b/src/roff/troff/div.cc @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. diff --git a/src/roff/troff/env.cc b/src/roff/troff/env.cc index cd5c45c9..378cfffd 100644 --- a/src/roff/troff/env.cc +++ b/src/roff/troff/env.cc @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. 
@@ -29,7 +29,6 @@ Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "div.h" #include "reg.h" #include "charinfo.h" -#include "searchpath.h" #include "macropath.h" #include @@ -3114,7 +3113,7 @@ void hyphen_trie::read_patterns_file(const char *name) int num[WORD_MAX+1]; errno = 0; char *path = 0; - FILE *fp = macro_path.open_file(name, &path); + FILE *fp = mac_path->open_file(name, &path); if (fp == 0) { error("can't find hyphenation patterns file `%1'", name); return; diff --git a/src/roff/troff/env.h b/src/roff/troff/env.h index d2a1fb34..6792ea63 100644 --- a/src/roff/troff/env.h +++ b/src/roff/troff/env.h @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. diff --git a/src/roff/troff/input.cc b/src/roff/troff/input.cc index 125b3272..b9cd5c84 100644 --- a/src/roff/troff/input.cc +++ b/src/roff/troff/input.cc @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. @@ -31,7 +31,6 @@ Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "charinfo.h" #include "stringclass.h" #include "font.h" -#include "searchpath.h" #include "macropath.h" #include "defs.h" @@ -114,6 +113,8 @@ int is_html2 = 0; int tcommand_flag = 0; int safer_flag = 1; // safer by default +search_path *mac_path = ¯o_path; + static int get_copy(node**, int = 0); static void copy_mode_error(const char *, const errarg & = empty_errarg, 
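Review bot: The new global `mac_path` in the `@@ -114,6 +113,8 @@` hunk defaults to the address of `macro_path` (printed on this page as `¯o_path`, presumably an extraction artifact of `&macro_path`), and the troff.man text in this same commit says that path still searches the current directory for `-m`. So even with `safer_flag = 1` on the line just above, only startup-file processing gets the restricted path. The `mac_path->open_file` calls in `read_patterns_file` (env.cc) and in `open_mac_file` and `macro_source` (input.cc) presumably keep resolving names from the current directory for the rest of the run. If that scope is intended, it deserves a comment at the definition, for example `// Active macro search path; only process_startup_file() switches it to safer_macro_path, every other lookup still includes the current directory.` Otherwise consider selecting the path from `safer_flag` once the options are parsed.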
@@ -5641,13 +5642,13 @@ static FILE *open_mac_file(const char *mac, char **path) char *s1 = new char[strlen(mac)+strlen(MACRO_POSTFIX)+1]; strcpy(s1, mac); strcat(s1, MACRO_POSTFIX); - FILE *fp = macro_path.open_file(s1, path); + FILE *fp = mac_path->open_file(s1, path); a_delete s1; if (!fp) { char *s2 = new char[strlen(mac)+strlen(MACRO_PREFIX)+1]; strcpy(s2, MACRO_PREFIX); strcat(s2, mac); - fp = macro_path.open_file(s2, path); + fp = mac_path->open_file(s2, path); a_delete s2; } return fp; @@ -5669,13 +5670,16 @@ static void process_macro_file(const char *mac) static void process_startup_file(char *filename) { char *path; - FILE *fp = macro_path.open_file(filename, &path); + // restrict path for security reasons + mac_path = &safer_macro_path; + FILE *fp = mac_path->open_file(filename, &path); if (fp) { input_stack::push(new file_iterator(fp, symbol(path).contents())); a_delete path; tok.next(); process_input_stack(); } + mac_path = ¯o_path; } void macro_source() @@ -5687,7 +5691,7 @@ void macro_source() while (!tok.newline() && !tok.eof()) tok.next(); char *path; - FILE *fp = macro_path.open_file(nm.contents(), &path); + FILE *fp = mac_path->open_file(nm.contents(), &path); // .mso doesn't (and cannot) go through open_mac_file, so we // need to do it here manually: If we have tmac.FOOBAR, try // FOOBAR.tmac and vice versa @@ -5697,7 +5701,7 @@ void macro_source() char *s = new char[strlen(fn) + sizeof(MACRO_POSTFIX)]; strcpy(s, fn + sizeof(MACRO_PREFIX) - 1); strcat(s, MACRO_POSTFIX); - fp = macro_path.open_file(s, &path); + fp = mac_path->open_file(s, &path); a_delete s; } if (!fp) { @@ -5706,7 +5710,7 @@ void macro_source() char *s = new char[strlen(fn) + sizeof(MACRO_PREFIX)]; strcpy(s, MACRO_PREFIX); strncat(s, fn, strlen(fn) - sizeof(MACRO_POSTFIX) + 1); - fp = macro_path.open_file(s, &path); + fp = mac_path->open_file(s, &path); a_delete s; } } diff --git a/src/roff/troff/node.cc b/src/roff/troff/node.cc index a114a40e..f5585512 100644 
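Review bot: In `process_startup_file` the restore at the end is hard-coded to the address of `macro_path` instead of putting back whatever `mac_path` held on entry, so the function is only correct when it is entered with the default path active and is never nested. Saving and restoring the previous value keeps the restriction composable: `search_path *saved_path = mac_path;` before the switch to `&safer_macro_path`, and `mac_path = saved_path;` as the last statement. The comment `// restrict path for security reasons` would help more if it named the risk, e.g. `// troffrc and troffrc-end must not be picked up from the current directory, which another user may control`. The restricted path stays in effect for everything `process_input_stack()` runs. That matches the commit message ("searching and scanning") and is worth stating in the same comment.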
--- a/src/roff/troff/node.cc +++ b/src/roff/troff/node.cc @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. diff --git a/src/roff/troff/node.h b/src/roff/troff/node.h index 21e585dc..6a602dc3 100644 --- a/src/roff/troff/node.h +++ b/src/roff/troff/node.h @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. diff --git a/src/roff/troff/reg.cc b/src/roff/troff/reg.cc index 79e78062..254b0ff4 100644 --- a/src/roff/troff/reg.cc +++ b/src/roff/troff/reg.cc @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. diff --git a/src/roff/troff/reg.h b/src/roff/troff/reg.h index b983b875..fe04f2ab 100644 --- a/src/roff/troff/reg.h +++ b/src/roff/troff/reg.h @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. diff --git a/src/roff/troff/request.h b/src/roff/troff/request.h index 7b3ad014..a26ebf48 100644 --- a/src/roff/troff/request.h +++ b/src/roff/troff/request.h @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. diff --git a/src/roff/troff/troff.h b/src/roff/troff/troff.h index 1f1e612b..5702d24e 100644 
--- a/src/roff/troff/troff.h +++ b/src/roff/troff/troff.h @@ -1,5 +1,5 @@ // -*- C++ -*- -/* Copyright (C) 1989, 1990, 1991, 1992 Free Software Foundation, Inc. +/* Copyright (C) 1989, 1990, 1991, 1992, 2000 Free Software Foundation, Inc. Written by James Clark (jjc@jclark.com) This file is part of groff. @@ -30,6 +30,7 @@ Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "lib.h" #include "assert.h" #include "device.h" +#include "searchpath.h" void cleanup_and_exit(int n); @@ -48,6 +49,8 @@ extern int vresolution; extern int hresolution; extern int sizescale; +extern search_path *mac_path; + #include "cset.h" #include "cmap.h" #include "errarg.h" diff --git a/src/roff/troff/troff.man b/src/roff/troff/troff.man index 0b883b88..c7bd2a71 100644 --- a/src/roff/troff/troff.man +++ b/src/roff/troff/troff.man @@ -147,8 +147,13 @@ Read in the file If it isn't found, try .BI tmac. name instead. -Normally this will be searched for in the current directory, @LOCALMACRODIR@, -@SYSTEMMACRODIR@, or @MACRODIR@. +It will be first searched for in directories given with the +.B \-M +command line option, then in the current directory, then in directories given +in the +.B GROFF_MACRO_PATH +environment variable, then in @LOCALMACRODIR@, @SYSTEMMACRODIR@, and +@MACRODIR@. .TP .B \-U Unsafe mode. 
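Review bot: The `extern search_path *mac_path;` declaration added in the `@@ -48,6 +49,8 @@` hunk exposes a writable pointer to every file that includes troff.h, while the security property of this commit depends on it pointing at `safer_macro_path` for the whole of startup-file processing. Nothing in the header says who may assign it. A comment at the declaration would record the contract, e.g. `// Current macro search path. Callers only read it; it is reassigned solely by process_startup_file() in input.cc.` A small accessor function in place of the raw pointer would enforce that, at the cost of touching the call sites.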
@@ -214,25 +219,22 @@ rather than the default .BR @DEVICE@ . .TP .BI \-F dir -Search +Search in directory (or directory path) .I dir for subdirectories .BI dev name .RI ( name -is the name of the device) -for the +is the name of the device) and there for the .B DESC -file and font files before the normal -.BR @FONTDIR@ . +file and font files. +.I dir +is scanned before all other font directories. .TP .BI \-M dir -Search directory +Search directory (or directory path) .I dir -for macro files before the normal -.BR @LOCALMACRODIR@ , -.BR @SYSTEMMACRODIR@ , -and -.BR @MACRODIR@ . +for macro files. +This is scanned before all other macro directories. .SH USAGE Only the features not in Unix troff are described here. .SS Long names @@ -2194,10 +2196,13 @@ escape sequence. A colon separated list of directories in which to search for macro files. .B troff -will search in directories given in the +will scan directories given in +the .B \-M -option before these, and in standard directories -.RB ( @MACROPATH@ ) +option before these, and in standard directories (home directory, +.BR @LOCALMACRODIR@ , +.BR @SYSTEMMACRODIR@ , +.BR @MACRODIR@ ) after these. .TP .SM @@ -2210,10 +2215,11 @@ A colon separated list of directories in which to search for the .BI dev name directory. .B troff -will search in directories given in the +will scan directories given in the .B \-F option before these, and in standard directories -.RB ( @FONTPATH@ ) +(home directory, +.BR @FONTPATH@ ) after these. .SH FILES .Tp \w'@FONTDIR@/devname/DESC'u+3n @@ -2237,6 +2243,13 @@ Font file for font .I F of device .IR name . +.LP +While searching for and scanning the initialization files +.B troffrc +and +.BR troffrc-end , +a special search path is used for security reasons: The current directory +is replaced with the home directory in the search path. .SH "SEE ALSO" .BR groff (@MAN1EXT@), .BR @g@tbl (@MAN1EXT@), -- cgit v1.2.1