[packages/alpine.git] / alpine-quote.patch

--- alpine-0.9999/pith/mailcap.c~	2007-08-15 22:28:09.000000000 +0200
+++ alpine-0.9999/pith/mailcap.c	2007-11-05 14:32:39.000000000 +0100
@@ -881,17 +881,19 @@
 		     * have to put those outside of the single quotes.
 		     * (The parm+1000 nonsense is to protect against
 		     * malicious mail trying to overlow our buffer.)
+		     *
+		     * TCH - Change 2/8/1999
+		     * Also quote the ` slash to prevent execution of arbirtrary code
 		     */
 		    for(p = parm; *p && p < parm+1000; p++){
-			if(*p == '\''){
-			    if(to-tmp_20k_buf+3 < SIZEOF_20KBUF){
+			if((*p == '\'')||(*p=='`')){
+			    if(to-tmp_20k_buf+4 < SIZEOF_20KBUF){
 				*to++ = '\'';  /* closing quote */
 				*to++ = '\\';
-				*to++ = '\'';  /* below will be opening quote */
+				*to++ = *p; /* quoted character */
+				*to++ = '\'';  /* opening quote */
 			    }
-			}
-
-			if(to-tmp_20k_buf < SIZEOF_20KBUF)
+			} else if(to-tmp_20k_buf < SIZEOF_20KBUF)
 			  *to++ = *p;
 		    }
Commit	Line	Data
f9dda27f JR	1	--- alpine-0.9999/pith/mailcap.c~ 2007-08-15 22:28:09.000000000 +0200
	2	+++ alpine-0.9999/pith/mailcap.c 2007-11-05 14:32:39.000000000 +0100
	3	@@ -881,17 +881,19 @@
	4	* have to put those outside of the single quotes.
	5	* (The parm+1000 nonsense is to protect against
	6	* malicious mail trying to overlow our buffer.)
	7	+ *
	8	+ * TCH - Change 2/8/1999
	9	+ * Also quote the ` slash to prevent execution of arbirtrary code
	10	*/
	11	for(p = parm; *p && p < parm+1000; p++){
	12	- if(*p == '\''){
	13	- if(to-tmp_20k_buf+3 < SIZEOF_20KBUF){
	14	+ if((p == '\'')\|\|(p=='`')){
	15	+ if(to-tmp_20k_buf+4 < SIZEOF_20KBUF){
	16	to++ = '\''; / closing quote */
	17	*to++ = '\\';
	18	- to++ = '\''; / below will be opening quote */
	19	+ to++ = p; /* quoted character */
	20	+ to++ = '\''; / opening quote */
	21	}
	22	- }
	23	-
	24	- if(to-tmp_20k_buf < SIZEOF_20KBUF)
	25	+ } else if(to-tmp_20k_buf < SIZEOF_20KBUF)
	26	to++ = p;
	27	}
	28