From 9eba0da958d33ef3582667e09701865980595361 Mon Sep 17 00:00:00 2001 From: Mark Nudelman Date: Sun, 19 Sep 2021 14:25:39 -1000 Subject: [PATCH] Don't read or write history file in secure mode. --- NEWS | 6 ++++++ cmdbuf.c | 9 ++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 164fcf86..49152695 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,8 @@ * Allow option name in -- command to end with '=' in addition to '\n'. +* Don't read or write history file in secure mode. + * Fix display of multibyte and double-width chars in prompt. * Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08. @@ -32,6 +34,10 @@ * Fix bug when empty file is modified while viewing it. +* Fix bug when parsing a malformed lesskey file. + +* Fix buffer overflow when invoking lessecho with more than 63 -m/-n options. + ====================================================================== Major changes between "less" versions 581 and 590 diff --git a/cmdbuf.c b/cmdbuf.c index dd135382..f4f8f3ea 100644 --- a/cmdbuf.c +++ b/cmdbuf.c @@ -24,6 +24,7 @@ extern int sc_width; extern int utf_mode; extern int no_hist_dups; extern int marks_modified; +extern int secure; static char cmdbuf[CMDBUF_SIZE]; /* Buffer for holding a multi-char command */ static int cmd_col; /* Current column of the cursor */ @@ -1524,6 +1525,8 @@ read_cmdhist(action, uparam, skip_search, skip_shell) int skip_search; int skip_shell; { + if (secure) + return; read_cmdhist2(action, uparam, skip_search, skip_shell); (*action)(uparam, NULL, NULL); /* signal end of file */ } @@ -1673,6 +1676,7 @@ make_file_private(f) /* * Does the history file need to be updated? */ +#if CMD_HISTORY static int histfile_modified(VOID_PARAM) { @@ -1682,12 +1686,11 @@ histfile_modified(VOID_PARAM) if (mlist_shell.modified) return 1; #endif -#if CMD_HISTORY if (marks_modified) return 1; -#endif return 0; } +#endif /* * Update the .lesshst file. @@ -1705,7 +1708,7 @@ save_cmdhist(VOID_PARAM) FILE *fout = NULL; int histsize = 0; - if (!histfile_modified()) + if (secure || !histfile_modified()) return; histname = histfile_name(0); if (histname == NULL)