Rafael Sadowski said:
> - czarkoff@'s file(1)-based mime type detection patch.
My patch was actually bad. It does not fix the vulnerability it is
supposed to fix.
| + if (strchr(filename, '\''))
| + {
| + qp = quoted_filename;
| +
| + do {
| + if (*filename == '\'')
| + *qp++ = '\\';
| + *qp++ = *filename;
| + } while (*filename++ != '\0');
| +
| + filename = quoted_filename;
| + }
| +
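Review bot: in the do-loop, the line that stores '\\' before each single quote does not neutralise the quote, because a shell treats a backslash inside a single-quoted string as a literal character, so the quote still ends the string and the rest of the filename is parsed as shell input. The hunk also shows no bound on qp: the escaped name can be up to twice the length of the input, so quoted_filename has to be sized for that or the loop needs a length check. Passing the filename to exec as its own argv element, with no shell in between, removes the need for quoting at all.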
For some reason I thought that backslash-escaping single quotes inside
a single-quoted string in shell would help. It won't. E.g. the filename
'$(rm -R ~)
will cause all the due damage.
The quoting part can be improved to replace every single quote with
'\"'
but I am not sure whether it will solve all the problems. It would make
most sense to switch the code from popen(3) to fork(2)+exec(3) instead.
> - add "no_x11" flavor (from czarkoff@).
> -- no_x11 flavor comes with 3 wantlibs ;)
Once the "file" backend is fixed, there would be no need for flavors any
more, I believe.
--
Dmitrij D. Czarkoff