Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 48574 Details for
Bug 77408
app-text/enscript CAN-2004-118{4,5,6}: Multiple issues
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
enscript-1.6.3-security.patch
enscript-1.6.3-security.patch (text/plain), 5.90 KB, created by
Thierry Carrez (RETIRED)
on 2005-01-15 12:56:41 UTC
(
hide
)
Description:
enscript-1.6.3-security.patch
Filename:
MIME Type:
Creator:
Thierry Carrez (RETIRED)
Created:
2005-01-15 12:56:41 UTC
Size:
5.90 KB
patch
obsolete
>diff -u -p -Nr --exclude CVS orig/enscript-1.6.3/src/gsint.h enscript-1.6.3.CAN-2004-1184/src/gsint.h >--- orig/enscript-1.6.3/src/gsint.h 2000-07-11 17:28:06.000000000 +0200 >+++ enscript-1.6.3.CAN-2004-1184/src/gsint.h 2005-01-04 20:45:24.000000000 +0100 >@@ -701,4 +701,9 @@ FILE *printer_open ___P ((char *cmd, cha > */ > void printer_close ___P ((void *context)); > >+/* >+ * Escape filenames for shell usage >+ */ >+char *shell_escape ___P ((const char *fn)); >+ > #endif /* not GSINT_H */ >diff -u -p -Nr --exclude CVS orig/enscript-1.6.3/src/main.c enscript-1.6.3.CAN-2004-1184/src/main.c >--- orig/enscript-1.6.3/src/main.c 2005-01-04 20:52:31.000000000 +0100 >+++ enscript-1.6.3.CAN-2004-1184/src/main.c 2005-01-05 10:57:44.000000000 +0100 >@@ -1555,9 +1555,13 @@ name width\theight\tllx\tlly > buffer_append (&cmd, intbuf); > buffer_append (&cmd, " "); > >- buffer_append (&cmd, "-Ddocument_title=\""); >- buffer_append (&cmd, title); >- buffer_append (&cmd, "\" "); >+ buffer_append (&cmd, "-Ddocument_title=\'"); >+ if ((cp = shell_escape (title)) != NULL) >+ { >+ buffer_append (&cmd, cp); >+ free (cp); >+ } >+ buffer_append (&cmd, "\' "); > > buffer_append (&cmd, "-Dtoc="); > buffer_append (&cmd, toc ? "1" : "0"); >@@ -1574,8 +1578,14 @@ name width\theight\tllx\tlly > /* Append input files. */ > for (i = optind; i < argc; i++) > { >- buffer_append (&cmd, " "); >- buffer_append (&cmd, argv[i]); >+ char *cp; >+ if ((cp = shell_escape (argv[i])) != NULL) >+ { >+ buffer_append (&cmd, " \'"); >+ buffer_append (&cmd, cp); >+ buffer_append (&cmd, "\'"); >+ free (cp); >+ } > } > > /* And do the job. */ >@@ -1636,7 +1645,7 @@ name width\theight\tllx\tlly > buffer_ptr (opts), buffer_len (opts)); > } > >- buffer_append (&buffer, " \"%s\""); >+ buffer_append (&buffer, " \'%s\'"); > > input_filter = buffer_copy (&buffer); > input_filter_stdin = "-"; >diff -u -p -Nr --exclude CVS orig/enscript-1.6.3/src/util.c enscript-1.6.3.CAN-2004-1184/src/util.c >--- orig/enscript-1.6.3/src/util.c 1999-09-17 17:26:51.000000000 +0200 >+++ enscript-1.6.3.CAN-2004-1184/src/util.c 2005-01-05 10:43:23.000000000 +0100 >@@ -1239,6 +1239,8 @@ escape_string (char *string) > > /* Create result. */ > cp = xmalloc (len + 1); >+ if (cp == NULL) >+ return NULL; > for (i = 0, j = 0; string[i]; i++) > switch (string[i]) > { >@@ -1879,6 +1881,7 @@ is_open (InputStream *is, FILE *fp, char > char *cmd = NULL; > int cmdlen; > int i, pos; >+ char *cp; > > is->is_pipe = 1; > >@@ -1902,12 +1905,16 @@ is_open (InputStream *is, FILE *fp, char > { > case 's': > /* Expand cmd-buffer. */ >- cmdlen += strlen (fname); >- cmd = xrealloc (cmd, cmdlen); >+ if ((cp = shell_escape (fname)) != NULL) >+ { >+ cmdlen += strlen (cp); >+ cmd = xrealloc (cmd, cmdlen); > >- /* Paste filename. */ >- strcpy (cmd + pos, fname); >- pos += strlen (fname); >+ /* Paste filename. */ >+ strcpy (cmd + pos, cp); >+ pos += strlen (cp); >+ free (cp); >+ } > > i++; > break; >@@ -2116,3 +2123,36 @@ buffer_len (Buffer *buffer) > { > return buffer->len; > } >+ >+/* >+ * Escapes the name of a file so that the shell groks it in 'single' >+ * quotation marks. The resulting pointer has to be free()ed when not >+ * longer used. >+*/ >+char * >+shell_escape(const char *fn) >+{ >+ size_t len = 0; >+ const char *inp; >+ char *retval, *outp; >+ >+ for(inp = fn; *inp; ++inp) >+ switch(*inp) >+ { >+ case '\'': len += 4; break; >+ default: len += 1; break; >+ } >+ >+ outp = retval = malloc(len + 1); >+ if(!outp) >+ return NULL; /* perhaps one should do better error handling here */ >+ for(inp = fn; *inp; ++inp) >+ switch(*inp) >+ { >+ case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break; >+ default: *outp++ = *inp; break; >+ } >+ *outp = 0; >+ >+ return retval; >+} >diff -u -p -Nr --exclude CVS enscript-1.6.3.CAN-2004-1184/src/psgen.c enscript-1.6.3.CAN-2004-1185/src/psgen.c >--- enscript-1.6.3.CAN-2004-1184/src/psgen.c 2005-01-04 20:59:56.000000000 +0100 >+++ enscript-1.6.3.CAN-2004-1185/src/psgen.c 2005-01-05 15:22:40.000000000 +0100 >@@ -2385,9 +2385,10 @@ recognize_eps_file (Token *token) > MESSAGE (2, (stderr, "^@epsf=\"%s\"\n", token->u.epsf.filename)); > > i = strlen (token->u.epsf.filename); >+ /* > if (i > 0 && token->u.epsf.filename[i - 1] == '|') > { >- /* Read EPS data from pipe. */ >+ / * Read EPS data from pipe. * / > token->u.epsf.pipe = 1; > token->u.epsf.filename[i - 1] = '\0'; > token->u.epsf.fp = popen (token->u.epsf.filename, "r"); >@@ -2400,6 +2401,7 @@ recognize_eps_file (Token *token) > } > } > else >+ */ > { > char *filename; > >diff -u -p -Nr --exclude CVS enscript-1.6.3.CAN-2004-1185/src/psgen.c enscript-1.6.3.CAN-2004-1186/src/psgen.c >--- enscript-1.6.3.CAN-2004-1185/src/psgen.c 2005-01-05 15:22:40.000000000 +0100 >+++ enscript-1.6.3.CAN-2004-1186/src/psgen.c 2005-01-05 15:22:44.000000000 +0100 >@@ -2034,8 +2034,9 @@ dump_ps_page_header (char *fname, int em > else > { > ftail++; >- strncpy (buf, fname, ftail - fname); >- buf[ftail - fname] = '\0'; >+ i = ftail - fname >= sizeof (buf)-1 ? sizeof (buf)-1 : ftail - fname; >+ strncpy (buf, fname, i); >+ buf[i] = '\0'; > } > > if (nup > 1) >diff -u -p -Nr --exclude CVS enscript-1.6.3.CAN-2004-1185/src/util.c enscript-1.6.3.CAN-2004-1186/src/util.c >--- enscript-1.6.3.CAN-2004-1185/src/util.c 2005-01-05 10:43:23.000000000 +0100 >+++ enscript-1.6.3.CAN-2004-1186/src/util.c 2005-01-05 15:22:23.000000000 +0100 >@@ -2003,7 +2003,8 @@ is_getc (InputStream *is) > return EOF; > > /* Read more data. */ >- is->data_in_buf = fread (is->buf, 1, sizeof (is->buf), is->fp); >+ memset (is->buf, 0, sizeof (is->buf)); >+ is->data_in_buf = fread (is->buf, 1, sizeof (is->buf)-1, is->fp); > is->bufpos = 0; > is->nreads++; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=48574">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 77408
:
48126
|
48127
|
48128
| 48574 |
48577
