diff options
author | novel <novel@FreeBSD.org> | 2005-10-09 18:22:50 +0800 |
---|---|---|
committer | novel <novel@FreeBSD.org> | 2005-10-09 18:22:50 +0800 |
commit | a0cd321b3ec2201d258ec41365a17e1e8887a7fe (patch) | |
tree | 2936a6439b0256984b8523f8b96b2f8136c88a05 /ftp/wzdftpd/files | |
parent | 5d72e45ee365395bd736e23760d605f61cc76e58 (diff) | |
download | freebsd-ports-gnome-a0cd321b3ec2201d258ec41365a17e1e8887a7fe.tar.gz freebsd-ports-gnome-a0cd321b3ec2201d258ec41365a17e1e8887a7fe.tar.zst freebsd-ports-gnome-a0cd321b3ec2201d258ec41365a17e1e8887a7fe.zip |
Update to 0.5.5.
Diffstat (limited to 'ftp/wzdftpd/files')
-rw-r--r-- | ftp/wzdftpd/files/patch-popen-bug | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/ftp/wzdftpd/files/patch-popen-bug b/ftp/wzdftpd/files/patch-popen-bug deleted file mode 100644 index f9896c22cf24..000000000000 --- a/ftp/wzdftpd/files/patch-popen-bug +++ /dev/null @@ -1,62 +0,0 @@ ---- src/wzd_mod.c.orig 2005-09-26 09:34:42.000000000 +0200 -+++ src/wzd_mod.c 2005-09-26 09:46:41.000000000 +0200 -@@ -102,6 +102,7 @@ - } protocol_handler_t; - - static int _hook_print_file(const char *filename, wzd_context_t *context); -+void _cleanup_shell_command(char * buffer, size_t length); - - static protocol_handler_t * proto_handler_list=NULL; - static unsigned int _reply_code; -@@ -378,6 +379,8 @@ - { - *(buffer+l_command++) = ' '; - (void)wzd_strncpy(buffer + l_command, buffer_args, sizeof(buffer) - l_command - 1); -+ /* SECURITY filter buffer for shell special characters ! */ -+ _cleanup_shell_command(buffer,sizeof(buffer)); - if ( (command_output = popen(buffer,"r")) == NULL ) { - out_log(LEVEL_HIGH,"Hook '%s': unable to popen\n",hook->external_command); - return 1; -@@ -438,6 +441,8 @@ - else - { - /* *(buffer+l_command++) = ' ';*/ -+ /* SECURITY filter buffer for shell special characters ! */ -+ _cleanup_shell_command(buffer,sizeof(buffer)); - if ( (command_output = popen(buffer,"r")) == NULL ) { - out_log(LEVEL_HIGH,"Hook '%s': unable to popen\n",hook->external_command); - return 1; -@@ -733,6 +738,8 @@ - } - - -+/*************** STATIC ****************/ -+ - static int _hook_print_file(const char *filename, wzd_context_t *context) - { - wzd_cache_t * fp; -@@ -765,3 +772,24 @@ - - return 0; - } -+ -+void _cleanup_shell_command(char * buffer, size_t length) -+{ -+ const char * specials = "$\\|;!`()'\"#.,:*?{}[]&<>-~"; -+ size_t i,j; -+ char * buf2; -+ -+ buf2 = wzd_malloc(length); -+ -+ for (i=0,j=0; buffer[i]!='\0' && i<length && j<length; i++,j++) { -+ if (strchr(specials,buffer[i]) != NULL) { -+ if (j+1 >= length) { buf2[j]='\0'; break; } -+ buf2[j++] = '\\'; -+ } -+ buf2[j] = buffer[i]; -+ } -+ -+ wzd_strncpy(buffer,buf2,length); -+ wzd_free(buf2); -+} -+ |