texlive[46933] Master/bin/win32/runscript.tlu: make search path of

commits+kakuto at tug.org commits+kakuto at tug.org
Mon Mar 12 21:41:15 CET 2018


Revision: 46933
          http://tug.org/svn/texlive?view=revision&revision=46933
Author:   kakuto
Date:     2018-03-12 21:41:15 +0100 (Mon, 12 Mar 2018)
Log Message:
-----------
make search path of scripts in w32_wrapper more secure

Modified Paths:
--------------
    trunk/Master/bin/win32/runscript.tlu

Modified: trunk/Master/bin/win32/runscript.tlu
===================================================================
--- trunk/Master/bin/win32/runscript.tlu	2018-03-12 20:40:42 UTC (rev 46932)
+++ trunk/Master/bin/win32/runscript.tlu	2018-03-12 20:41:15 UTC (rev 46933)
@@ -262,6 +262,8 @@
     2017/05/06
         - introduce sys_user_progs, make checks for updmap/fmtutil
           use sys_user_progs instead, add kanji-config-updmap
+    2018/03/12
+        - introduce a new function gettexmfdist() for security.
 ]]
 
 -- HELPER SUBROUTINES --
@@ -386,6 +388,44 @@
   end
 end
 
+--
+-- return the TEXMFDIST directory in TeX Live
+--
+local function gettexmfdist()
+  local ffi = require("ffi")
+  ffi.cdef[[
+  typedef void*  HANDLE;
+  typedef char*  LPCSTR;
+  int GetModuleFileNameA(HANDLE h, LPCSTR l, int i);
+  HANDLE GetModuleHandleA(const char *a);
+  ]]
+  local buffer = ffi.new("char[?]", 512)
+  local runscripthandle = ffi.C.GetModuleHandleA("runscript.dll")
+  if runscripthandle == nil then
+    return nil
+  end
+  local err = ffi.C.GetModuleFileNameA(runscripthandle, buffer, 256)
+  if err == nil then
+    return nil
+  end
+  local str = ffi.string(buffer)
+  str = string.gsub(str, "\\","/")
+  str = string.reverse(str)
+  local a, b
+-- remove /runscript.dll
+  a, b = string.find(str, '/', 1, true)
+  str = string.sub(str,a+1)
+-- remove /win32
+  a, b = string.find(str, '/', 1, true)
+  str = string.sub(str,a+1)
+-- remove /bin
+  a, b = string.find(str, '/', 1, true)
+  str = string.sub(str,a+1)
+  str = string.reverse(str)
+  str = str .. '/texmf-dist'
+  return str
+end
+
 -- MAIN_CHUNK -- encapsulated in a function for more robust execution with pcall
 
 local function MAIN_CHUNK()
@@ -472,7 +512,9 @@
 
 -- various dir-vars
 local TEXDIR = kpse.var_value('SELFAUTOPARENT')
-local TEXMFDIST = kpse.var_value('TEXMFDIST')
+-- local TEXMFDIST = kpse.var_value('TEXMFDIST')
+-- use a new function to obtain TEXMFDIST
+local TEXMFDIST = gettexmfdist()
 local BINDIR = kpse.var_value('SELFAUTOLOC')
 local PATH = os.getenv('PATH') or ''
 



More information about the tex-live-commits mailing list