From owner-freebsd-bugs Fri Jan 25 14:40:15 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A511937B41B for ; Fri, 25 Jan 2002 14:40:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0PMe1U45802; Fri, 25 Jan 2002 14:40:01 -0800 (PST) (envelope-from gnats) Date: Fri, 25 Jan 2002 14:40:01 -0800 (PST) Message-Id: <200201252240.g0PMe1U45802@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Giorgos Keramidas Subject: Re: misc/34270: man -k could be used to execute any command. Reply-To: Giorgos Keramidas Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR misc/34270; it has been noted by GNATS. From: Giorgos Keramidas To: Hironori SAKAMOTO Cc: bug-followup@freebsd.org Subject: Re: misc/34270: man -k could be used to execute any command. Date: Sat, 26 Jan 2002 00:39:11 +0200 (EET) This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-1465720898-1011998351=:10216 Content-Type: TEXT/PLAIN; charset=US-ASCII Hello Hironori, Can you try the attached patch? It seems to work for me. I changed the quotes used by system() to quote the command to double quotes, and escape all double quotes in the shell command executed by system() with a backslash. $ ./man -k lala lala: nothing appropriate $ ./man -k lala\' lala': nothing appropriate $ ./man -k lala\" lala": nothing appropriate -- Giorgos Keramidas . . . . . . . . . keramida@{ceid.upatras.gr,freebsd.org} FreeBSD Documentation Project . . . http://www.freebsd.org/docproj/ FreeBSD: The power to serve . . . . http://www.freebsd.org/ --0-1465720898-1011998351=:10216 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="man.diff" Content-Transfer-Encoding: BASE64 Content-ID: <20020126003911.C10216@hades> Content-Description: gnu/usr.bin/man patch Content-Disposition: attachment; filename="man.diff" SW5kZXg6IGdudS91c3IuYmluL21hbi9tYW4vbWFuLmMNCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0NClJDUyBmaWxlOiAvaG9tZS9uY3ZzL3NyYy9nbnUvdXNy LmJpbi9tYW4vbWFuL21hbi5jLHYNCnJldHJpZXZpbmcgcmV2aXNpb24gMS41 Mw0KZGlmZiAtMiAtdSAtcjEuNTMgbWFuLmMNCi0tLSBnbnUvdXNyLmJpbi9t YW4vbWFuL21hbi5jCTIyIEphbiAyMDAyIDE1OjE1OjM4IC0wMDAwCTEuNTMN CisrKyBnbnUvdXNyLmJpbi9tYW4vbWFuL21hbi5jCTI1IEphbiAyMDAyIDIy OjM0OjM4IC0wMDAwDQpAQCAtNTIwLDQgKzUyMCw1NCBAQA0KIA0KIC8qDQor ICogQ291bnQgdGhlIG51bWJlciBvZiBkb3VibGUgcXVvdGUgY2hhcmFjdGVy cyBpbiBgc3RyaW5nJy4NCisgKi8NCitpbnQNCitjb3VudF9xdW90ZXMgKHN0 cmluZykNCisgICAgIGNoYXIgKnN0cmluZzsNCit7DQorICBjaGFyICpwOw0K KyAgaW50IGNvdW50Ow0KKyAgY2hhciBjaCA9ICciJzsNCisNCisgIGlmIChz dHJpbmcgPT0gTlVMTCkNCisgICAgcmV0dXJuIC0xOw0KKw0KKyAgcCA9IHN0 cmluZzsNCisgIGNvdW50ID0gMDsNCisgIHdoaWxlICgocCA9IHN0cmNocihw LCBjaCkpICE9IE5VTEwpIHsNCisgICAgY291bnQrKzsNCisgICAgcCsrOw0K KyAgfQ0KKw0KKyAgcmV0dXJuIGNvdW50Ow0KK30NCisNCisvKg0KKyAqIENv cHkgYHNyYycgdG8gYGRzdCcgZXNjYXBpbmcgYWxsIGRvdWJsZSBxdW90ZXMg d2l0aCBhIGJhY2tzbGFzaC4NCisgKi8NCitjaGFyICoNCitlc2NhcGVfcXVv dGVzIChzcmMpDQorICAgICAgY2hhciAqc3JjOw0KK3sNCisgIGNoYXIgKmRz dDsNCisgIGludCBsZW47DQorICBpbnQgaiwgazsNCisNCisgIGxlbiA9IHN0 cmxlbiAoc3JjKSArIGNvdW50X3F1b3RlcyAoc3JjKSArIDE7DQorICBpZiAo KGRzdCA9IChjaGFyICopIG1hbGxvYyAobGVuKSkgPT0gTlVMTCkNCisgICAg Z3JpcGVfYWxsb2MgKGxlbiwgImRzdCIpOw0KKw0KKyAgZm9yIChqID0gayA9 IDA7IGogPD0gc3RybGVuIChzcmMpOyBqKyssIGsrKykgew0KKyAgICBpZiAo c3JjW2pdID09ICciJykgew0KKyAgICAgIGRzdFtrXSA9ICdcXCc7DQorICAg ICAgaysrOw0KKyAgICB9DQorICAgIGRzdFtrXSA9IHNyY1tqXTsNCisgIH0N CisNCisgIHJldHVybiBkc3Q7DQorfQ0KKw0KKy8qDQogICogSGFuZGxlIHRo ZSBhcHJvcG9zIG9wdGlvbi4gIENoZWF0IGJ5IHVzaW5nIGFub3RoZXIgcHJv Z3JhbS4NCiAgKi8NCkBAIC01MjgsMTEgKzU3OCwxNiBAQA0KICAgcmVnaXN0 ZXIgaW50IGxlbjsNCiAgIHJlZ2lzdGVyIGNoYXIgKmNvbW1hbmQ7DQorICBj aGFyICpzOw0KKw0KKyAgaWYgKChzID0gZXNjYXBlX3F1b3RlcyhuYW1lKSkg PT0gTlVMTCkNCisgICAgcmV0dXJuOw0KIA0KLSAgbGVuID0gc3RybGVuIChB UFJPUE9TKSArIHN0cmxlbiAobmFtZSkgKyA0Ow0KKyAgbGVuID0gc3RybGVu IChBUFJPUE9TKSArIHN0cmxlbiAocykgKyA0Ow0KIA0KICAgaWYgKChjb21t YW5kID0gKGNoYXIgKikgbWFsbG9jKGxlbikpID09IE5VTEwpDQogICAgIGdy aXBlX2FsbG9jIChsZW4sICJjb21tYW5kIik7DQogDQotICBzcHJpbnRmIChj b21tYW5kLCAiJXMgXCIlc1wiIiwgQVBST1BPUywgbmFtZSk7DQorICBzcHJp bnRmIChjb21tYW5kLCAiJXMgXCIlc1wiIiwgQVBST1BPUywgcyk7DQorICBm cmVlIChzKTsNCiANCiAgICh2b2lkKSBkb19zeXN0ZW1fY29tbWFuZCAoY29t bWFuZCk7DQo= --0-1465720898-1011998351=:10216-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message