author | stefan <stefan@FreeBSD.org> | 2011-05-18 04:10:52 +0800 |
---|---|---|
committer | stefan <stefan@FreeBSD.org> | 2011-05-18 04:10:52 +0800 |
commit | 7c1ca2baaed1a6a77689456bf5f2cc12d05000e1 (patch) | |
tree | ddfaebedb8bad27a437a47d693c3d918b3d8b248 | |
parent | 6605e7889139d170be8a10c2bfdf508d3e2333c9 (diff) | |
- Add patch to properly escape paths and passwords in shell calls.
- While here, remove MD5 from distinfo.
Reported by: Keith Waters <keith@waters.co.za>
Patch by: Richard Corner
Obtained from: https://bugs.launchpad.net/ubuntu/+source/fcrackzip/+bug/350640
-rw-r--r-- | security/fcrackzip/Makefile | 1 | ||||
-rw-r--r-- | security/fcrackzip/distinfo | 1 | ||||
-rw-r--r-- | security/fcrackzip/files/patch-main.c | 116 |
3 files changed, 117 insertions, 1 deletions
diff --git a/security/fcrackzip/Makefile b/security/fcrackzip/Makefile
index 0394cba291b..e9f91a7fdf3 100644
--- a/security/fcrackzip/Makefile
+++ b/security/fcrackzip/Makefile
@@ -7,6 +7,7 @@
 PORTNAME= fcrackzip
 PORTVERSION= 1.0
+PORTREVISION= 1
 CATEGORIES= security archivers
 MASTER_SITES= http://oldhome.schmorp.de/data/marc/ \
 http://distfiles.macports.org/${PORTNAME}/
diff --git a/security/fcrackzip/distinfo b/security/fcrackzip/distinfo
index e0ccc0781ef..aef6067f472 100644
--- a/security/fcrackzip/distinfo
+++ b/security/fcrackzip/distinfo
@@ -1,3 +1,2 @@
-MD5 (fcrackzip-1.0.tar.gz) = 254941f51759f9425965f4b05fe7ac2c
 SHA256 (fcrackzip-1.0.tar.gz) = 4a58c8cb98177514ba17ee30d28d4927918bf0bdc3c94d260adfee44d2d43850
 SIZE (fcrackzip-1.0.tar.gz) = 114786
diff --git a/security/fcrackzip/files/patch-main.c b/security/fcrackzip/files/patch-main.c
new file mode 100644
index 00000000000..d1d00e4d5a0
--- /dev/null
+++ b/security/fcrackzip/files/patch-main.c
@@ -0,0 +1,116 @@
+--- main.c.orig 2005-09-10 21:58:44.000000000 +0200
++++ main.c 2011-05-17 21:59:32.000000000 +0200
+@@ -44,13 +44,112 @@
+
+ static FILE *dict_file;
+
++char *
++path_for_shell (char *dest, const char *str)
++{
++ /* backslash shell special charatcers */
++
++ char ch, *p = dest;
++ size_t len = strlen(str);
++ int i;
++
++ for (i = 0; i < len; i++)
++ {
++ ch = str[i];
++
++ switch (ch)
++ {
++ /* ASCII table order */
++ case 0x20: /* space */
++ case '!':
++ case '"':
++ case '#':
++ case '$':
++ case '&':
++ case 0x27: /* single quote */
++ case '(':
++ case ')':
++ case '*':
++ case '+':
++ case 0x2C: /* comma */
++ case ':':
++ case ';':
++ case '<':
++ case '>':
++ case '?':
++ case '[':
++ case '\\':
++ case ']':
++ case '^':
++ case '`':
++ case '{':
++ case '|':
++ case '}':
++ case '~':
++ /* backslash special characters */
++ *p++ = '\\';
++ *p++ = ch;
++ break;
++ default:
++ *p++ = ch;
++ }
++ }
++
++ /* terminate string */
++ *p = '\0';
++
++ return dest;
++}
++
++char *
++escape_pw (char *dest, const char *str)
++{
++ /* backslash shell special charatcers */
++
++ char ch, *p = dest;
++ size_t len = strlen(str);
++ int i;
++
++ for (i = 0; i < len; i++)
++ {
++ ch = str[i];
++
++ switch (ch)
++ {
++ /* ASCII table order */
++ case '"':
++ case '$':
++ case 0x27: /* single quote */
++ case '\\':
++ case '`':
++ /* backslash special characters */
++ *p++ = '\\';
++ *p++ = ch;
++ break;
++ default:
++ *p++ = ch;
++ }
++ }
++
++ /* terminate string */
++ *p = '\0';
++
++ return dest;
++}
++
+ int REGPARAM
+ check_unzip (const char *pw)
+ {
+ char buff[1024];
++ char path[1024];
++ char escpw[256];
+ int status;
+
+- sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, pw, file_path[0]);
++ escape_pw (escpw, pw);
++ path_for_shell (path, file_path[0]);
++
++ sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, escpw, path);
++
+ status = system (buff);
+
+ #undef REDIR |
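Review bot: Neither `path_for_shell` nor `escape_pw` is told how large `dest` is, so in `check_unzip` a password of 256 bytes (or 128 bytes that all need escaping) writes past `escpw[256]`, and a long archive path does the same to `path[1024]`, unless callers outside this hunk already bound those lengths. The following `sprintf` into `buff[1024]` can overflow as well, because `escpw` and `path` together may be longer than `buff`. Both helpers should take the destination size and return NULL when the escaped text does not fit, and the command should be built with `snprintf`, rejecting the candidate on truncation. Separately, `escape_pw` puts a backslash before `'` (0x27), but inside the double quotes used in the format string a POSIX shell keeps that backslash, so passwords containing a single quote appear to be tested with an extra `\`. The rest of `check_unzip` lies outside the hunk, so the value returned on rejection below is an assumption.

```c
/* dest_size is the capacity of dest; NULL means the escaped text did not fit */
char *
escape_pw (char *dest, size_t dest_size, const char *str)
{
  size_t used = 0;

  if (dest_size == 0)
    return NULL;

  for (; *str != '\0'; str++)
    {
      /* inside double quotes the shell removes a backslash only before these */
      int special = (*str == '"' || *str == '$' || *str == '\\' || *str == '`');

      /* room for the optional backslash, the byte and the terminator */
      if (dest_size - used < (size_t) special + 2)
        return NULL;
      if (special)
        dest[used++] = '\\';
      dest[used++] = *str;
    }

  dest[used] = '\0';
  return dest;
}

/* … path_for_shell: same dest_size parameter and check, case list unchanged … */

  /* in check_unzip, replacing the two helper calls and the sprintf */
  int n;

  if (escape_pw (escpw, sizeof escpw, pw) == NULL
      || path_for_shell (path, sizeof path, file_path[0]) == NULL)
    return 0; /* assumed "no match" value; confirm against the rest of check_unzip */

  n = snprintf (buff, sizeof buff, "unzip -qqtP \"%s\" %s " DEVNULL, escpw, path);
  if (n < 0 || (size_t) n >= sizeof buff)
    return 0; /* command would have been truncated */
```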