author | Paul Eggert <eggert@cs.ucla.edu> | 2022-05-30 17:03:26 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2022-05-31 18:13:34 -0700 |
commit | 5e3d207d5b7dba28ca248475188a029570766bc1 (patch) | |
tree | 14a7ea29fb12a13d2858208f537de73053f8aff8 | |
parent | d92292704950c9b937dc9de54d5eecd822dfc20f (diff) | |
download | grep-5e3d207d5b7dba28ca248475188a029570766bc1.tar.gz |
grep: sanity-check GREP_COLOR

This patch closes a longstanding security issue with GREP_COLOR that I
just noticed, where if the attacker has control over GREP_COLOR's
settings the attacker can trash the victim's terminal or have 'grep'
generate misleading output. For example, without the patch
the shell command:

    GREP_COLOR="$(printf '31m\33[2J\33[31')" grep --color=always PATTERN

mucks with the screen, leaving behind only the trailing part of
the last matching line. With the patch, this GREP_COLOR is ignored.

* src/grep.c (main): Sanity-check GREP_COLOR contents the same way
GREP_COLORS values are checked, to not trash the user's terminal.
This follows up the recent fix to Bug#55641.

-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | src/grep.c | 7 |
2 files changed, 8 insertions, 1 deletions
@@ -14,6 +14,8 @@ GNU grep NEWS -*- outline -*- The confusing GREP_COLOR environment variable is now obsolescent. Instead of GREP_COLOR='xxx', use GREP_COLORS='mt=xxx'. grep now warns if GREP_COLOR is used and is not overridden by GREP_COLORS. + Also, grep now treates GREP_COLOR like GREP_COLORS by silently + ignoring it if it attempts to inject ANSI terminal escapes. Regular expressions with stray backslashes now cause warnings, as their unspecified behavior can lead to unexpected results. @@ -2911,7 +2911,12 @@ main (int argc, char **argv) /* Legacy. */ char *userval = getenv ("GREP_COLOR"); if (userval != NULL && *userval != '\0') - selected_match_color = context_match_color = userval; + for (char *q = userval; *q == ';' || c_isdigit (*q); q++) + if (!q[1]) + { + selected_match_color = context_match_color = userval; + break; + } /* New GREP_COLORS has priority. */ parse_grep_colors (); |
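
Review bot: the added NEWS sentence misspells "treats" as "treates". Separately, the entry directly above it says grep now warns when GREP_COLOR is used and not overridden, while the new sentence says an escape-carrying value is silently ignored; the entry should say whether the obsolescence warning is still printed for a rejected value, so users are not left guessing why their color setting had no effect.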
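
Review bot: in the src/grep.c hunk, the new loop in main() enforces its rule only implicitly and has no comment: the assignment happens only when the scan reaches the final byte (the !q[1] test) having seen nothing but ';' and digits, which is easy to misread in an unbraced for/if nest under the outer if. A one-line comment such as /* Accept only SGR parameters (digits and ';'); otherwise ignore GREP_COLOR. */ and braces around the for body would make the intent auditable. Since the commit message says this is the same check applied to GREP_COLORS values, consider sharing one helper with parse_grep_colors so the two validations cannot drift apart. The diffstat lists only NEWS and src/grep.c, so a regression test that sets GREP_COLOR to a value containing an escape byte and asserts the output carries no such byte would be worth adding.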