GNU bug report logs -
#61201
Installation hint crashes when user names contain at sign
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 61201 in the body.
You can then email your comments to 61201 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#61201; Package
guix.
(Tue, 31 Jan 2023 17:06:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Ludovic Courtès <ludovic.courtes <at> inria.fr>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Tue, 31 Jan 2023 17:06:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
A funny thing was reported earlier today on the Café Guix channel:
--8<---------------cut here---------------start------------->8---
$ guix install hello [17:52]
building profile with 5 packages...
hint: Backtrace:
17 (primitive-load "/usr/local/bin/guix")
In guix/ui.scm:
2279:7 16 (run-guix . )
2242:10 15 (run-guix-command _ . )
In ice-9/boot-9.scm:
1752:10 14 (with-exception-handler _ _ #:unwind? _ # )
In guix/status.scm:
835:3 13 ()
815:4 12 (call-with-status-report _ )
In guix/store.scm:
1300:8 11 (call-with-build-handler _ )
1300:8 10 (call-with-build-handler # ?)
In guix/build/syscalls.scm:
1440:3 9 ()
1407:4 8 (call-with-file-lock/no-wait _ _ )
In guix/scripts/package.scm:
325:7 7 (build-and-use-profile _ "/var/guix/profiles/per-user/?" ?)
In guix/ui.scm:
312:5 6 (display-hint _ )
1451:24 5 (texi->plain-text )
In texinfo.scm:
1132:22 4 (parse )
980:31 3 (loop #<input: string 2b6e5926be70> (fragment) _ _ )
967:36 2 (loop #<input: string 2b6e5926be70> #f # ?)
92:2 1 (command-spec )
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? )
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Throw to key #E1E1E1">parser-error' with args(#f "Unknown command" univ)'.
--8<---------------cut here---------------end--------------->8---
This is because the user name ends in “@univ…”, which ‘display-hint’
interprets as Texinfo.
Ludo’.
Information forwarded
to
bug-guix <at> gnu.org:
bug#61201; Package
guix.
(Fri, 24 Feb 2023 10:29:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 61201 <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludovic.courtes <at> inria.fr> skribis:
> A funny thing was reported earlier today on the Café Guix channel:
>
> $ guix install hello [17:52]
> building profile with 5 packages...
> hint: Backtrace:
[...]
> In guix/ui.scm:
> 312:5 6 (display-hint _ )
> 1451:24 5 (texi->plain-text )
> In texinfo.scm:
> 1132:22 4 (parse )
> 980:31 3 (loop #<input: string 2b6e5926be70> (fragment) _ _ )
> 967:36 2 (loop #<input: string 2b6e5926be70> #f # ?)
> 92:2 1 (command-spec )
> In ice-9/boot-9.scm:
> 1685:16 0 (raise-exception _ #:continuable? )
>
> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
> Throw to key #E1E1E1">parser-error' with args(#f "Unknown command" univ)'.
Here’s one way to reproduce the bug, showing a crash in ‘display-hint’
due to an unescaped brace:
--8<---------------cut here---------------start------------->8---
$ mkdir /tmp/x{ample
$ touch /tmp/x{ample/guix.scm
$ (cd '/tmp/x{ample' ; guix shell)
guix shell: error: not loading '/tmp/x{ample/guix.scm' because not authorized to do so
hint: Backtrace:
13 (primitive-load "/home/ludo/.config/guix/current/bin/guix")
In guix/ui.scm:
2279:7 12 (run-guix . _)
2242:10 11 (run-guix-command _ . _)
In ice-9/boot-9.scm:
1752:10 10 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
In guix/scripts/shell.scm:
308:15 9 (_)
In guix/ui.scm:
312:5 8 (display-hint _ _)
1451:24 7 (texi->plain-text _)
In texinfo.scm:
1132:22 6 (parse _)
980:31 5 (loop #<input: string 7feb8b300d20> (*fragment*) _ _ _)
980:31 4 (loop #<input: string 7feb8b300d20> #f _ _ _)
911:31 3 (loop #<input: string 7feb8b300d20> #f #<procedure identity (x)> #f _)
746:27 2 (_ #<input: string 7feb8b300d20> #f (example smallexample verbatim lisp smalllisp menu w %) #<procedure 7feb9aea1948 at texin…> …)
In sxml/ssax/input-parse.scm:
88:2 1 (next-token _ _ _ _)
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? _)
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Throw to key `parser-error' with args `(#<input: string 7feb8b300d20> "EOF while reading a token " "reading char data")'.
--8<---------------cut here---------------end--------------->8---
Ludo’.
Information forwarded
to
bug-guix <at> gnu.org:
bug#61201; Package
guix.
(Fri, 24 Feb 2023 11:22:02 GMT)
Full text and
rfc822 format available.
Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> writes:
> Ludovic Courtès <ludovic.courtes <at> inria.fr> skribis:
>
>> A funny thing was reported earlier today on the Café Guix channel:
>>
>> $ guix install hello [17:52]
>> building profile with 5 packages...
>> hint: Backtrace:
>
> [...]
>
>> In guix/ui.scm:
>> 312:5 6 (display-hint _ )
>> 1451:24 5 (texi->plain-text )
>> In texinfo.scm:
>> 1132:22 4 (parse )
>> 980:31 3 (loop #<input: string 2b6e5926be70> (fragment) _ _ )
>> 967:36 2 (loop #<input: string 2b6e5926be70> #f # ?)
>> 92:2 1 (command-spec )
>> In ice-9/boot-9.scm:
>> 1685:16 0 (raise-exception _ #:continuable? )
>>
>> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
>> Throw to key #E1E1E1">parser-error' with args(#f "Unknown command" univ)'.
>
> Here’s one way to reproduce the bug, showing a crash in ‘display-hint’
> due to an unescaped brace:
>
> $ mkdir /tmp/x{ample
> $ touch /tmp/x{ample/guix.scm
> $ (cd '/tmp/x{ample' ; guix shell)
> guix shell: error: not loading '/tmp/x{ample/guix.scm' because not authorized to do so
> hint: Backtrace:
> 13 (primitive-load "/home/ludo/.config/guix/current/bin/guix")
> In guix/ui.scm:
> 2279:7 12 (run-guix . _)
> 2242:10 11 (run-guix-command _ . _)
> In ice-9/boot-9.scm:
> 1752:10 10 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
> In guix/scripts/shell.scm:
> 308:15 9 (_)
> In guix/ui.scm:
> 312:5 8 (display-hint _ _)
> 1451:24 7 (texi->plain-text _)
> In texinfo.scm:
> 1132:22 6 (parse _)
> 980:31 5 (loop #<input: string 7feb8b300d20> (*fragment*) _ _ _)
> 980:31 4 (loop #<input: string 7feb8b300d20> #f _ _ _)
> 911:31 3 (loop #<input: string 7feb8b300d20> #f #<procedure identity (x)> #f _)
> 746:27 2 (_ #<input: string 7feb8b300d20> #f (example smallexample verbatim lisp smalllisp menu w %) #<procedure 7feb9aea1948 at texin…> …)
> In sxml/ssax/input-parse.scm:
> 88:2 1 (next-token _ _ _ _)
> In ice-9/boot-9.scm:
> 1685:16 0 (raise-exception _ #:continuable? _)
>
> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
> Throw to key `parser-error' with args `(#<input: string 7feb8b300d20> "EOF while reading a token " "reading char data")'.
>
> Ludo’.
Would it be heresy to recommend that plain strings and strings that
contain texinfo markup be separate types to catch this sort of thing?
In 2023 it's pretty embarrassing to have bugs that are basically SQL
injections.
Information forwarded
to
bug-guix <at> gnu.org:
bug#61201; Package
guix.
(Fri, 24 Feb 2023 11:22:02 GMT)
Full text and
rfc822 format available.
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility.
(Mon, 27 Feb 2023 22:56:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Ludovic Courtès <ludovic.courtes <at> inria.fr>:
bug acknowledged by developer.
(Mon, 27 Feb 2023 22:56:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 61201-done <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> skribis:
> Fixes <https://issues.guix.gnu.org/61201>.
>
> Previously, common practice was to splice arbitrary strings (user names,
> file names, etc.) into Texinfo snippets passed to 'display-hint'. This
> is unsafe in the general case because at signs and braces need to be
> escaped to produced valid Texinfo. This commit addresses that.
>
> * guix/ui.scm (texinfo-quote): New procedure.
> (display-hint): When ARGUMENTS is non-empty, pass it to 'texinfo-quote'
> and call 'format'.
> (report-unbound-variable-error, check-module-matches-file)
> (display-collision-resolution-hint, run-guix-command): Remove explicit
> 'format' call; pass 'format' arguments as extra arguments to 'display-hint'.
> * gnu/services/monitoring.scm (zabbix-front-end-config): Likewise.
> * guix/scripts.scm (warn-about-disk-space): Likewise.
> * guix/scripts/build.scm (%standard-cross-build-options)
> (%standard-native-build-options): Likewise.
> * guix/scripts/describe.scm (display-checkout-info): Likewise.
> * guix/scripts/environment.scm (suggest-command-name): Likewise.
> * guix/scripts/home.scm (process-command): Likewise.
> * guix/scripts/home/edit.scm (service-type-not-found): Likewise.
> * guix/scripts/import.scm (guix-import): Likewise.
> * guix/scripts/package.scm (display-search-path-hint): Likewise.
> * guix/scripts/pull.scm (build-and-install): Likewise.
> * guix/scripts/shell.scm (auto-detect-manifest): Likewise.
> * guix/scripts/system.scm (check-file-system-availability): Likewise.
> (guix-system): Likewise.
> * guix/scripts/system/edit.scm (service-type-not-found): Likewise.
> * guix/status.scm (print-build-event): Likewise.
Pushed as 43c36c5c9f7a31649eb059fd16ed82bde20da3fc.
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 28 Mar 2023 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 43 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.