From f27e2426491efab7904c2863a8a443416babc571 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Wed, 5 Nov 2014 14:33:39 +0000 Subject: [PATCH] daemon: strings: Use -a option to avoid using BFD to parse files. Avoids hitting CVE-2014-8484 and CVE-2014-8485 and similar problems with BFD parsing on untrusted files. --- daemon/strings.c | 2 +- generator/actions.ml | 12 ++++++------ src/guestfs.pod | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/daemon/strings.c b/daemon/strings.c index 332cba72e..6e81b9e5b 100644 --- a/daemon/strings.c +++ b/daemon/strings.c @@ -50,7 +50,7 @@ do_strings_e (const char *encoding, const char *path) } flags = COMMAND_FLAG_CHROOT_COPY_FILE_TO_STDIN | fd; - r = commandf (&out, &err, flags, "strings", "-e", encoding, NULL); + r = commandf (&out, &err, flags, "strings", "-a", "-e", encoding, NULL); if (r == -1) { reply_with_error ("%s: %s", path, err); return NULL; diff --git a/generator/actions.ml b/generator/actions.ml index 83f473465..a01d3e47e 100644 --- a/generator/actions.ml +++ b/generator/actions.ml @@ -5366,9 +5366,9 @@ The external L program is used for the comparison." }; This runs the L command on a file and returns the list of printable strings found. -B In particular, it's generally not -a good idea to use it on untrusted files. For more information -see L." }; +The C command has, in the past, had problems with +parsing untrusted files. These are mitigated in the current +version of libguestfs, but see L." }; { defaults with name = "strings_e"; @@ -5425,9 +5425,9 @@ This is useful for examining binaries in Windows guests. The returned strings are transcoded to UTF-8. -B In particular, it's generally not -a good idea to use it on untrusted files. For more information -see L." }; +The C command has, in the past, had problems with +parsing untrusted files. These are mitigated in the current +version of libguestfs, but see L." }; { defaults with name = "hexdump"; 
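Review bot: The added `"-a"` in the `commandf` call in do_strings_e is a security control, but nothing at the call site says so, and a later cleanup could drop it as a redundant flag. I would put a comment directly above the call, e.g. `/* -a: scan the whole file as raw bytes so strings never hands an untrusted file to BFD (CVE-2014-8484, CVE-2014-8485). */`. Only this one invocation is visible here, and the diffstat shows a single changed line in daemon/strings.c. It is worth confirming that every other daemon path that runs `strings` on guest files goes through this call; presumably the plain strings API does, but the hunk does not show it. do_strings_e starts before the hunk and continues after it.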
diff --git a/src/guestfs.pod b/src/guestfs.pod index 27758646c..949ff7a3b 100644 --- a/src/guestfs.pod +++ b/src/guestfs.pod @@ -2216,8 +2216,8 @@ thus the L and L APIs in libguestfs. Running strings on an untrusted file could cause arbitrary code execution (confined to the libguestfs appliance). -There are thought to be many similar bugs in binutils, so even if -these two bugs are fixed, avoid using these two libguestfs APIs. +In libguestfs E 1.29.5 and E 1.28.3, libguestfs uses the +C I<-a> option to avoid BFD parsing on the file. =head1 CONNECTION MANAGEMENT