rpms/less
5
0
Fork 0
Code Issues Pull Requests Releases Activity
c9s
less/less-590-CVE-2022-48624.patch
Matej Mužila a73ce97d97 Fix CVE-2022-48624 
Resolves: RHEL-26265
2024-02-21 15:55:43 +01:00

42 lines
1.2 KiB
Diff
Raw Permalink Blame History

From c6ac6de49698be84d264a0c4c0c40bb870b10144 Mon Sep 17 00:00:00 2001
From: Mark Nudelman <markn@greenwoodsoftware.com>
Date: Sat, 25 Jun 2022 11:54:43 -0700
Subject: [PATCH] Shell-quote filenames when invoking LESSCLOSE.
---
filename.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/filename.c b/filename.c
index 5824e38..dff20c0 100644
--- a/filename.c
+++ b/filename.c
@@ -972,6 +972,8 @@ close_altfile(altfilename, filename)
{
#if HAVE_POPEN
char *lessclose;
+ char *qfilename;
+ char *qaltfilename;
FILE *fd;
char *cmd;
int len;
@@ -986,9 +988,13 @@ close_altfile(altfilename, filename)
error("LESSCLOSE ignored; must contain no more than 2 %%s", NULL_PARG);
return;
}
- len = (int) (strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2);
+ qfilename = shell_quote(filename);
+ qaltfilename = shell_quote(altfilename);
+ len = (int) (strlen(lessclose) + strlen(qfilename) + strlen(qaltfilename) + 2);
cmd = (char *) ecalloc(len, sizeof(char));
- SNPRINTF2(cmd, len, lessclose, filename, altfilename);
+ SNPRINTF2(cmd, len, lessclose, qfilename, qaltfilename);
+ free(qaltfilename);
+ free(qfilename);
fd = shellcmd(cmd);
free(cmd);
if (fd != NULL)
--
2.41.0
Reference in New Issue View Git Blame Copy Permalink