e46008a870
Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows (CAN-2004-1186), quotes and shell escape characters are insufficiently sanitized in filenames (CAN-2004-1185), and it supported taking input from an arbitrary command pipe, with unwanted side effects (CAN-2004-1184). From/via Gentoo.
14 lines
384 B
Plaintext
$OpenBSD: patch-src_gsint_h,v 1.1 2005/02/11 19:12:42 naddy Exp $
--- src/gsint.h.orig Fri Feb 11 20:01:12 2005
+++ src/gsint.h Fri Feb 11 20:01:25 2005
@@ -701,4 +701,9 @@ FILE *printer_open ___P ((char *cmd, cha
*/
void printer_close ___P ((void *context));
+/*
+ * Escape filenames for shell usage
+ */
+char *shell_escape ___P ((const char *fn));
+
#endif /* not GSINT_H */
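
Review bot: The comment above the new shell_escape prototype says only "Escape filenames for shell usage", which leaves the function's contract undocumented. It takes a const char * and returns a non-const char *, so a caller reading this header cannot tell whether the result is newly allocated and must be freed, or what comes back on allocation failure. Because this declaration belongs to the fix for insufficiently sanitized quotes and shell escape characters in filenames (CAN-2004-1185), the comment should also state which quoting context the result is safe in (unquoted, inside double quotes, or inside single quotes), since an escape that is correct for one is not correct for the others. Suggest expanding the comment to cover ownership of the returned buffer, the failure return value, and the intended quoting context.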