1 Star 0 Fork 44

A-Znk/less_1

forked from A-Znk/less 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
backport-CVE-2024-32487.patch 1.63 KB
一键复制 编辑 原始数据 按行查看 历史
wjiang 提交于 2024-04-22 14:29 . fix CVE-2024-32487
From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
From: Mark Nudelman <[email protected]>
Date: Thu, 11 Apr 2024 17:49:48 -0700
Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
---
filename.c | 29 ++++++++++++++++++++++++-----
1 file changed, 24 insertions(+), 5 deletions(-)
diff --git a/filename.c b/filename.c
index 5d7a5ef..987c24a 100644
--- a/filename.c
+++ b/filename.c
@@ -133,6 +133,15 @@ static int metachar(char c)
return (strchr(metachars(), c) != NULL);
}
+/*
+ * Must use quotes rather than escape char for this metachar?
+ */
+static int must_quote(char c)
+{
+ /* {{ Maybe the set of must_quote chars should be configurable? }} */
+ return (c == '\n');
+}
+
/*
* Insert a backslash before each metacharacter in a string.
*/
@@ -165,6 +174,9 @@ public char * shell_quoten(constant char *s, size_t slen)
* doesn't support escape chars. Use quotes.
*/
use_quotes = 1;
+ } else if (must_quote(*p))
+ {
+ len += 3; /* open quote + char + close quote */
} else
{
/*
@@ -195,15 +207,22 @@ public char * shell_quoten(constant char *s, size_t slen)
constant char *es = s + slen;
while (s < es)
{
- if (metachar(*s))
+ if (!metachar(*s))
{
- /*
- * Add the escape char.
- */
+ *np++ = *s++;
+ } else if (must_quote(*s))
+ {
+ /* Surround the char with quotes. */
+ *np++ = openquote;
+ *np++ = *s++;
+ *np++ = closequote;
+ } else
+ {
+ /* Insert an escape char before the char. */
strcpy(np, esc);
np += esclen;
+ *np++ = *s++;
}
- *np++ = *s++;
}
*np = '\0';
}
--
2.43.0
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/a-znk/less_1.git
[email protected]:a-znk/less_1.git
a-znk
less_1
less_1
master

搜索帮助