cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ec0a98c0a3
freebsd-ports/print/enscript-letter/files/patch-src_main.c
Christian Weisgerber 44a125dbb2 Security fixes: 
Erik Sjolund discovered several issues in enscript: it suffers from
several buffer overflows (CAN-2004-1186), quotes and shell escape
characters are insufficiently sanitized in filenames (CAN-2004-1185),
and it supported taking input from an arbitrary command pipe, with
unwanted side effects (CAN-2004-1184).

Obtained from:	Gentoo
2005-02-11 21:35:40 +00:00

49 lines
1.1 KiB
C
Raw Blame History

$FreeBSD$
--- src/main.c.orig
+++ src/main.c
@@ -1546,9 +1546,13 @@
buffer_append (&cmd, intbuf);
buffer_append (&cmd, " ");
- buffer_append (&cmd, "-Ddocument_title=\"");
- buffer_append (&cmd, title);
- buffer_append (&cmd, "\" ");
+ buffer_append (&cmd, "-Ddocument_title=\'");
+ if ((cp = shell_escape (title)) != NULL)
+ {
+ buffer_append (&cmd, cp);
+ free (cp);
+ }
+ buffer_append (&cmd, "\' ");
buffer_append (&cmd, "-Dtoc=");
buffer_append (&cmd, toc ? "1" : "0");
@@ -1565,8 +1569,14 @@
/* Append input files. */
for (i = optind; i < argc; i++)
{
- buffer_append (&cmd, " ");
- buffer_append (&cmd, argv[i]);
+ char *cp;
+ if ((cp = shell_escape (argv[i])) != NULL)
+ {
+ buffer_append (&cmd, " \'");
+ buffer_append (&cmd, cp);
+ buffer_append (&cmd, "\'");
+ free (cp);
+ }
}
/* And do the job. */
@@ -1627,7 +1637,7 @@
buffer_ptr (opts), buffer_len (opts));
}
- buffer_append (&buffer, " \"%s\"");
+ buffer_append (&buffer, " \'%s\'");
input_filter = buffer_copy (&buffer);
input_filter_stdin = "-";
Reference in New Issue View Git Blame Copy Permalink