Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 75328 Details for
Bug 116389
net-misc/hylafax Multiple issues (CVE-2005-3538, -3539)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
notify-eval-vulnerability.patch
notify-eval-vulnerability.patch (text/plain), 1.99 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-12-22 07:11:46 UTC
(
hide
)
Description:
notify-eval-vulnerability.patch
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-12-22 07:11:46 UTC
Size:
1.99 KB
patch
obsolete
>Index: util/notify.sh.in >=================================================================== >RCS file: /cvsroot/hylafax/util/notify.sh.in,v >retrieving revision 1.17 >diff -u -r1.17 notify.sh.in >--- util/notify.sh.in 2005/09/05 23:26:03 1.17 >+++ util/notify.sh.in 2005/12/16 23:23:19 >@@ -171,8 +171,18 @@ > eval `($AWK -F: ' > function p(varname,val) > { >+ # In shell scripts, there are no special characters in hard-quoted >+ # strings (quoted with (')). Single-quotes can't even be escaped >+ # inside such strings and must be put outside of them. We thus replace >+ # (') with ('\'') which terminates the current string, adds a single >+ # quote and starts a new string. >+ gsub(/\\047/, "\047\\\\\047\047", val); >+ # New lines in eval could cause problems so we escape them. As with >+ # single quotes above, we must first close the current string, add >+ # the escaped new line (double quoted) and start a new string. >+ gsub(/\n/, "\047\042\\\\n\042\047", val); > # print out variable name and value so we can eval it in the shell >- printf "%s=\"%s\"\n",varname,val >+ printf "%s=\\047%s\\047\n",varname,val > } > BEGIN { > nfiles = 0; >@@ -206,16 +216,9 @@ > /^jobtype/ { p("jobtype", $2); } > # status needs to be used in the shell as faxstatus since status is reserved word > /^status/ { status = $0; sub("status:", "", status); >- if (status ~ /\\\\$/) { >- sub(/\\\\$/, "\\\\n", status); >- while (getline > 0) { >+ while ($0 ~ /\\\\$/ && getline > 0) { >+ sub(/\\\\$/, "\\n", status); > status = status $0; >- gsub(/\*/,"",status); >- sub(/\\\\$/, "\\\\n", status); >- if ($0 !~ /\\\\$/) >- break; >- } >- gsub(/\`/, "", status); > } p("faxstatus", status); > } > /^resolution/ { p("resolution", $2); }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=75328">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 116389
:
75327
| 75328 |
75617
