]>
Commit | Line | Data |
---|---|---|
f9dda27f JR |
1 | --- alpine-0.9999/pith/mailcap.c~ 2007-08-15 22:28:09.000000000 +0200 |
2 | +++ alpine-0.9999/pith/mailcap.c 2007-11-05 14:32:39.000000000 +0100 | |
3 | @@ -881,17 +881,19 @@ | |
4 | * have to put those outside of the single quotes. | |
5 | * (The parm+1000 nonsense is to protect against | |
6 | * malicious mail trying to overlow our buffer.) | |
7 | + * | |
8 | + * TCH - Change 2/8/1999 | |
9 | + * Also quote the ` slash to prevent execution of arbirtrary code | |
10 | */ | |
11 | for(p = parm; *p && p < parm+1000; p++){ | |
12 | - if(*p == '\''){ | |
13 | - if(to-tmp_20k_buf+3 < SIZEOF_20KBUF){ | |
14 | + if((*p == '\'')||(*p=='`')){ | |
15 | + if(to-tmp_20k_buf+4 < SIZEOF_20KBUF){ | |
16 | *to++ = '\''; /* closing quote */ | |
17 | *to++ = '\\'; | |
18 | - *to++ = '\''; /* below will be opening quote */ | |
19 | + *to++ = *p; /* quoted character */ | |
20 | + *to++ = '\''; /* opening quote */ | |
21 | } | |
22 | - } | |
23 | - | |
24 | - if(to-tmp_20k_buf < SIZEOF_20KBUF) | |
25 | + } else if(to-tmp_20k_buf < SIZEOF_20KBUF) | |
26 | *to++ = *p; | |
27 | } | |
28 |