27 lines
929 B
Plaintext
27 lines
929 B
Plaintext
$OpenBSD: patch-pine_mailcap_c,v 1.4 2005/04/29 19:51:35 jakob Exp $
|
|
--- pine/mailcap.c.orig Wed Nov 3 21:11:17 2004
|
|
+++ pine/mailcap.c Fri Apr 29 19:49:47 2005
|
|
@@ -993,14 +993,18 @@ mc_cmd_bldr(controlstring, type, subtype
|
|
* have to put those outside of the single quotes.
|
|
* (The parm+1000 nonsense is to protect against
|
|
* malicious mail trying to overlow our buffer.)
|
|
+ *
|
|
+ * TCH - Change 2/8/1999
|
|
+ * Also quote the ` slash to prevent execution of arbitrary code
|
|
*/
|
|
for(p = parm; *p && p < parm+1000; p++){
|
|
- if(*p == '\''){
|
|
+ if((*p == '\'') || (*p=='`')) {
|
|
*to++ = '\''; /* closing quote */
|
|
*to++ = '\\';
|
|
- *to++ = '\''; /* below will be opening quote */
|
|
- }
|
|
- *to++ = *p;
|
|
+ *to++ = *p; /* quoted character */
|
|
+ *to++ = '\''; /* opening quote */
|
|
+ } else
|
|
+ *to++ = *p;
|
|
}
|
|
|
|
fs_give((void **) &parm);
|