Date: Fri, 25 Jan 2002 14:40:01 -0800 (PST)
From: Giorgos Keramidas <keramida@freebsd.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/34270: man -k could be used to execute any command.
Message-ID: <200201252240.g0PMe1U45802@freefall.freebsd.org>
The following reply was made to PR misc/34270; it has been noted by GNATS.
From: Giorgos Keramidas <keramida@freebsd.org>
To: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Cc: bug-followup@freebsd.org
Subject: Re: misc/34270: man -k could be used to execute any command.
Date: Sat, 26 Jan 2002 00:39:11 +0200 (EET)

Hello Hironori,

Can you try the attached patch?
It seems to work for me.

I changed the quotes used by system() to quote the command to double
quotes, and escape all double quotes in the shell command executed by
system() with a backslash.

    $ ./man -k lala
    lala: nothing appropriate
    $ ./man -k lala\'
    lala': nothing appropriate
    $ ./man -k lala\"
    lala": nothing appropriate

--
Giorgos Keramidas . . . . . . . . . keramida@{ceid.upatras.gr,freebsd.org}
FreeBSD Documentation Project . . . http://www.freebsd.org/docproj/
FreeBSD: The power to serve . . . . http://www.freebsd.org/

[Attachment: man.diff (gnu/usr.bin/man patch)]
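
An added example, not the attached patch (its contents are not shown on this page) and not code from man(1): a helper that wraps a user-supplied keyword in double quotes before it is placed in a system() command string. It backslash-escapes `"` as the message describes and, as an assumption of this example beyond the message, also `\`, `$` and the backquote, which a POSIX shell still interprets inside double quotes. The names `dq_quote` and `build_command` and the `prog` argument are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Characters a POSIX shell still treats specially inside double quotes. */
static int needs_backslash(char c)
{
    return c == '"' || c == '\\' || c == '$' || c == '`';
}

/*
 * Write `in` to `out` as one double-quoted shell word.
 * Returns 0 on success, -1 if `out` (size `outlen`) is too small.
 * Hypothetical helper for illustration; not a function from man(1).
 */
int dq_quote(const char *in, char *out, size_t outlen)
{
    size_t o = 0;

    if (outlen < 3)                    /* room for the two quotes and NUL */
        return -1;
    out[o++] = '"';
    for (; *in != '\0'; in++) {
        size_t need = needs_backslash(*in) ? 2 : 1;
        if (o + need + 2 > outlen)     /* keep room for closing quote + NUL */
            return -1;                 /* refuse rather than truncate */
        if (need == 2)
            out[o++] = '\\';
        out[o++] = *in;
    }
    out[o++] = '"';
    out[o] = '\0';
    return 0;
}

/* Build "<prog> <quoted keyword>"; `prog` must be a trusted constant. */
int build_command(const char *prog, const char *keyword,
                  char *cmd, size_t cmdlen)
{
    char quoted[512];
    int n;

    if (dq_quote(keyword, quoted, sizeof(quoted)) != 0)
        return -1;
    n = snprintf(cmd, cmdlen, "%s %s", prog, quoted);
    return (n < 0 || (size_t)n >= cmdlen) ? -1 : 0;
}
```

Where the keyword does not need shell features at all, passing it as a separate argv element to fork()/execvp() avoids quoting altogether.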
