author | jan.nijtmans <nijtmans@users.sourceforge.net> | 2020-09-25 11:09:08 (GMT) |
---|---|---|
committer | jan.nijtmans <nijtmans@users.sourceforge.net> | 2020-09-25 11:09:08 (GMT) |
commit | 9d34b872ced6c6713cf84f914f11a017ecd2cd49 (patch) | |
tree | 652115f68df5864d0056594b328707c55fae03aa | |
parent | e4fcd7152b8701ae9adbf0cc608572d7f253e2c3 (diff) | |
When sourcing script files (even when simulating that through open|read), always set -eofchar \032 just like the source command does.
Possible security issue: this could make it possible to evaluate hidden content at the end of pkgIndex files.
-rw-r--r-- | library/auto.tcl | 2 | ||||
-rw-r--r-- | library/init.tcl | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/library/auto.tcl b/library/auto.tcl
index 6cb09b6..32a5f52 100644
--- a/library/auto.tcl
+++ b/library/auto.tcl
@@ -248,6 +248,7 @@ proc auto_mkindex_old {dir args} {
 set f ""
 set error [catch {
 set f [open $file]
+ fconfigure $f -eofchar \032
 while {[gets $f line] >= 0} {
 if {[regexp {^proc[ ]+([^ ]*)} $line match procName]} {
 set procName [lindex [auto_qualify $procName "::"] 0]
@@ -351,6 +352,7 @@ proc auto_mkindex_parser::mkindex {file} {
 set scriptFile $file
 set fid [open $file]
+ fconfigure $fid -eofchar \032
 set contents [read $fid]
 close $fid
diff --git a/library/init.tcl b/library/init.tcl
index 0a5e71b..6e4cf89 100644
--- a/library/init.tcl
+++ b/library/init.tcl
@@ -501,6 +501,7 @@ proc auto_load_index {} {
 continue
 } else {
 set error [catch {
+ fconfigure $f -eofchar \032
 set id [gets $f]
 if {$id eq "# Tcl autoload index file, version 2.0"} {
 eval [read $f] |
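Review bot: The added `fconfigure ... -eofchar \032` line in `auto_mkindex_old` has no comment saying why the end-of-file character is set, and the same is true of the matching lines in `auto_mkindex_parser::mkindex` (library/auto.tcl) and `auto_load_index` (library/init.tcl), so a later cleanup could drop them as redundant channel setup. I would put a one-line comment above each, for example `# Stop at ^Z (\032) as [source] does, so text after it is never indexed or evaluated.` All three procs begin and end outside their hunks, so only the lines around each `open`/`read` are visible here.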
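Review bot: In `auto_load_index` the new `fconfigure $f -eofchar \032` is the only thing keeping `eval [read $f]` from running text placed after a ^Z in a tclIndex file, yet the diffstat lists only library/auto.tcl and library/init.tcl, so no test holds that behaviour in place. A regression test that writes a version 2.0 index containing `\x1a` followed by a command that sets a marker variable, then asserts the marker is still unset after `auto_load_index`, would cover it. The commit message speaks of pkgIndex files while this hunk handles tclIndex, so it is worth confirming that no other open-then-read script path in library/ was left without the setting; that cannot be judged from this page. The enclosing proc, the `open` that produces `$f`, and the other branches of the `if` lie outside the hunk.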