Page MenuHomePhabricator
Files F3947905

T129506_01_Math_REL1_23.patch
dpatrick (Darian Anthony Patrick)
Actions

Authored By
dpatrick
Apr 29 2016, 11:52 PM
Size
1 KB
Referenced Files
None
Subscribers
None

T129506_01_Math_REL1_23.patch
View Options

From 1cd6f203eebf474f1c80865da609b4302dea2d94 Mon Sep 17 00:00:00 2001
From: Darian Anthony Patrick <dpatrick@wikimedia.org>
Date: Mon, 25 Apr 2016 11:55:18 -0700
Subject: [PATCH] Skip shell invocation on large input
Add a sanity check to the math extension that skips shelling out to
texvc if the input is insanely large.
Bug: T129506
Change-Id: I755a6de740bdfd9448d5ed654bdef6cbdd4a9498
---
MathInputCheckTexvc.php | 4 ++++
MathTexvc.php | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/MathInputCheckTexvc.php b/MathInputCheckTexvc.php
index 419df64..09a8f35 100644
--- a/MathInputCheckTexvc.php
+++ b/MathInputCheckTexvc.php
@@ -75,6 +75,10 @@ class MathInputCheckTexvc extends MathInputCheck {
}
wfDebugLog( 'Math', "TeX check command: $cmd\n" );
+ if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
+ wfDebugLog( 'Math', "User input exceeded SHELL_MAX_ARG_STRLEN.\n" );
+ return $this->convertTexvcError('');
+ }
$contents = wfShellExec( $cmd );
wfDebugLog( 'Math', "TeX check result:\n $contents\n---\n" );
diff --git a/MathTexvc.php b/MathTexvc.php
index 37e4b70..cb04e25 100644
--- a/MathTexvc.php
+++ b/MathTexvc.php
@@ -144,6 +144,10 @@ class MathTexvc extends MathRenderer {
wfDebugLog( 'Math', "TeX: $cmd\n" );
wfDebugLog( 'texvc', "Executing '$cmd'." );
$retval = null;
+ if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
+ wfDebugLog( 'Math', "User input exceeded SHELL_MAX_ARG_STRLEN.\n" );
+ return $this->getError( 'math_unknown_error' );
+ }
$contents = wfShellExec( $cmd, $retval );
wfDebugLog( 'Math', "TeX output:\n $contents\n---\n" );
--
2.5.4 (Apple Git-61)

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3687984
Default Alt Text
T129506_01_Math_REL1_23.patch (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL