FreeBSD Bugzilla – Attachment 45893 Details for
Bug 70618
print/a2ps-* using "file -L %s" as shell argument --> dangerous to use it in world-writable directories
[patch]
file.diff
file.diff (text/plain), 1.57 KB, created by
Rudolf Polzer
on 2004-08-18 16:20:26 UTC
Description:
file.diff
Filename:
MIME Type:
Creator:
Rudolf Polzer
Created:
2004-08-18 16:20:26 UTC
Size:
1.57 KB
>diff -ru ../a2ps-4.13.orig/src/select.c ./src/select.c
>--- ../a2ps-4.13.orig/src/select.c Wed Aug 18 16:32:09 2004
>+++ ./src/select.c Wed Aug 18 16:49:12 2004
>@@ -131,6 +131,36 @@
> return 1;
> }
>
>+/* escapes the name of a file so that the shell groks it in 'single' q.marks.
>+ The resulting pointer has to be free()ed when not longer used. */
>+char *
>+shell_escape(const char *fn)
>+{
>+ size_t len = 0;
>+ const char *inp;
>+ char *retval, *outp;
>+
>+ for(inp = fn; *inp; ++inp)
>+ switch(*inp)
>+ {
>+ case '\'': len += 4; break;
>+ default: len += 1; break;
>+ }
>+
>+ outp = retval = malloc(len + 1);
>+ if(!outp)
>+ return ""; /* perhaps one should do better error handling here */
>+ for(inp = fn; *inp; ++inp)
>+ switch(*inp)
>+ {
>+ case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break;
>+ default: *outp++ = *inp; break;
>+ }
>+ *outp = 0;
>+
>+ return retval;
>+}
>+
> /* What says file about the type of a file (result is malloc'd). NULL
> if could not be run. */
>
>@@ -144,11 +174,13 @@
> if (IS_EMPTY (job->file_command))
> return NULL;
>
>+ filename = shell_escape(filename);
> /* Call file(1) with the correct option */
>- command = ALLOCA (char, (2
>+ command = ALLOCA (char, (4
> + strlen (job->file_command)
> + ustrlen (filename)));
>- sprintf (command, "%s %s", job->file_command, (const char *) filename);
>+ sprintf (command, "%s '%s'", job->file_command, (const char *) filename);
>+ free(filename);
> message (msg_tool, (stderr, "Reading pipe: `%s'\n", command));
> file_out = popen (command, "r");
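Review bot: The allocation-failure path in `shell_escape` returns the string literal `""`, yet the caller added in the second hunk passes the result to `free()`, which is undefined behaviour for a pointer that did not come from malloc. It also silently makes file(1) run on an empty name instead of reporting the failure. Returning NULL here (`if(!outp) return NULL;`) and bailing out in the caller (`if (!filename) return NULL;`) would fit the caller's documented "NULL if could not be run" contract. The header comment should also say that each single quote is emitted as the four characters `'\''` and that the caller must supply the surrounding quotes, since the function does not add them itself.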
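Review bot: Single-quoting in the new `sprintf` stops the shell from interpreting the name, but a name that begins with `-` is still parsed by file(1) as an option. Ending option parsing first, `sprintf (command, "%s -- '%s'", job->file_command, ...)` with the ALLOCA constant raised from 4 to 7, would close that gap, assuming the configured file command accepts `--`. Separately, `filename = shell_escape(filename);` overwrites the parameter with a heap pointer that is later freed. The parameter's declaration is outside the hunk, but the `(const char *)` cast and `ustrlen` suggest an unsigned-char, possibly const, pointer, so a dedicated local such as `char *quoted = shell_escape((const char *) filename);` would avoid the type mismatch and make ownership explicit. The enclosing function starts and ends outside the hunk.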