Index | Thread | Search

From:
Stuart Henderson <stu@spacehopper.org>
Subject:
Re: html2text pledge
To:
Alexander Bluhm <bluhm@openbsd.org>
Cc:
ports@openbsd.org
Date:
Mon, 23 Jun 2025 16:12:25 +0100

Download raw body.

Thread

  • Alexander Bluhm:

    html2text pledge

    • Stuart Henderson:

      html2text pledge

On 2025/06/23 16:01, Alexander Bluhm wrote:
> Hi,
> 
> I use html2text to convert HTML mails automatically into something
> readable in mutt.  Recently I got a segmantation fault.  I would
> feel much safer when parsing untrusted user input with pledge.
> 
> ok?

Looking through nm -s | grep -w U output I'm not seeing anything
which suggests there are likely to be problems with this. (caveat:
I didn't look over libiconv but it seems unlikely).

I think this is ok for now.

Can you add this to avoid problems for the next version though please:

# don't allow picking up curl (added post-2.3.0); if changing then
# pledge will need to be adapted.
CONFIGURE_ARGS= --without-libcurl

ok


> bluhm
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/converters/html2text/Makefile,v
> diff -u -p -r1.22 Makefile
> --- Makefile	19 Jun 2025 11:09:27 -0000	1.22
> +++ Makefile	23 Jun 2025 13:59:59 -0000
> @@ -1,6 +1,7 @@
>  COMMENT=	advanced HTML-to-text converter
>  
>  V=		2.3.0
> +REVISION=	0
>  DISTNAME=	html2text-$V
>  SITES=		https://github.com/grobian/html2text/releases/download/v$V/
>  
> @@ -10,6 +11,8 @@ HOMEPAGE=	https://github.com/grobian/htm
>  
>  # GPLv2+
>  PERMIT_PACKAGE=	Yes
> +
> +# uses pledge()
>  
>  WANTLIB += c iconv m ${COMPILER_LIBCXX}
>  
> Index: patches/patch-html2text_cpp
> ===================================================================
> RCS file: patches/patch-html2text_cpp
> diff -N patches/patch-html2text_cpp
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ patches/patch-html2text_cpp	23 Jun 2025 13:59:59 -0000
> @@ -0,0 +1,40 @@
> +Index: html2text.cpp
> +--- html2text.cpp.orig
> ++++ html2text.cpp
> +@@ -18,9 +18,11 @@
> +  * GNU General Public License in the file COPYING for more details.
> +  */
> + 
> ++#include <err.h>
> + #include <iostream>
> + #include <string.h>
> + #include <stdlib.h>
> ++#include <unistd.h>
> + 
> + #include "html.h"
> + #include "HTMLControl.h"
> +@@ -187,6 +189,14 @@ main(int argc, char **argv)
> + 		exit(1);
> + 	}
> + 
> ++	if (strcmp(output_file_name, "-") == 0) {
> ++		if (pledge("stdio rpath", NULL) == -1)
> ++			err(1, "pledge");
> ++	} else {
> ++		if (pledge("stdio rpath wpath cpath", NULL) == -1)
> ++			err(1, "pledge");
> ++	}
> ++
> + 	/* historical default used to be ISO-8859-1, auto is not a valid
> + 	 * encoding, but handled in iconvstream */
> + 	if (from_encoding == NULL)
> +@@ -236,6 +246,9 @@ main(int argc, char **argv)
> + 			<< std::endl;
> + 		exit(1);
> + 	}
> ++
> ++	if (pledge("stdio rpath", NULL) == -1)
> ++		err(1, "pledge");
> + 
> + 	if (!is.os_isatty() && !explicit_rendering_req) {
> + 		/* disable "weird" chars unless explicitly requested, #64 */
>