Page MenuHomePhabricator
Files F3947908

T129506_01_Math_master.patch
dpatrick (Darian Anthony Patrick)
Actions

Authored By
dpatrick
Apr 29 2016, 11:52 PM
Size
1 KB
Referenced Files
None
Subscribers
None

T129506_01_Math_master.patch
View Options

From d279c101883f04a96210f9e83ab6232d978bb896 Mon Sep 17 00:00:00 2001
From: Darian Anthony Patrick <dpatrick@wikimedia.org>
Date: Tue, 19 Apr 2016 10:29:10 -0700
Subject: [PATCH] Skip shell invocation on large input
Add a sanity check to the math extension that skips shelling out to
texvc if the input is insanely large.
Bug: T129506
Change-Id: I2c7b6561464bddb4c3eab9230fa8168b24adaa37
---
MathInputCheckTexvc.php | 5 +++++
MathTexvc.php | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/MathInputCheckTexvc.php b/MathInputCheckTexvc.php
index 59849d6..8e96f08 100644
--- a/MathInputCheckTexvc.php
+++ b/MathInputCheckTexvc.php
@@ -83,6 +83,11 @@ class MathInputCheckTexvc extends MathInputCheck {
}
LoggerFactory::getInstance( 'Math' )->debug( "TeX check command: $cmd" );
+ if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
+ LoggerFactory::getInstance( 'Math' )->error(
+ "User input exceeded SHELL_MAX_ARG_STRLEN." );
+ return $this->convertTexvcError('');
+ }
$contents = wfShellExec( $cmd );
LoggerFactory::getInstance( 'Math' )->debug( "TeX check result: $contents\n---" );
diff --git a/MathTexvc.php b/MathTexvc.php
index 8a1bc29..3e02440 100644
--- a/MathTexvc.php
+++ b/MathTexvc.php
@@ -206,6 +206,11 @@ class MathTexvc extends MathRenderer {
LoggerFactory::getInstance( 'Math' )->debug( "TeX: $cmd" );
LoggerFactory::getInstance( 'Math' )->debug( "Executing '$cmd'." );
$retval = null;
+ if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
+ LoggerFactory::getInstance( 'Math' )->error(
+ "User input exceeded SHELL_MAX_ARG_STRLEN." );
+ return $this->getError( 'math_unknown_error' );
+ }
$contents = wfShellExec( $cmd, $retval );
LoggerFactory::getInstance( 'Math' )->debug( "TeX output:\n $contents\n---" );
--
2.5.4 (Apple Git-61)

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3687987
Default Alt Text
T129506_01_Math_master.patch (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits