Date:      Fri, 25 Jan 2002 11:10:26 -0800 (PST)
From:      Mike Makonnen <mike_makonnen@yahoo.com>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/34270: man -k could be used to execute any command.
Message-ID:  <200201251910.g0PJAQL98601@freefall.freebsd.org>

The following reply was made to PR misc/34270; it has been noted by GNATS.

From: Mike Makonnen <mike_makonnen@yahoo.com>
To: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: misc/34270: man -k could be used to execute any command.
Date: Fri, 25 Jan 2002 11:02:14 -0800

 > >Fix:
 > In do_apropos() in man/man.c, apropos name is only quoted with `"'.
 > 
 >   sprintf (command, "%s \"%s\"", APROPOS, name);
 > 
 > Any special characters for /bin/sh should be escaped with `\'.
 
 I think the command should be single quoted instead of double quoted.
 
 Index: gnu/usr.bin/man/man/man.c
 ===================================================================
 RCS file: /home/ncvs/src/gnu/usr.bin/man/man/man.c,v
 retrieving revision 1.53
 diff -u -r1.53 man.c
 --- gnu/usr.bin/man/man/man.c	22 Jan 2002 15:15:38 -0000	1.53
 +++ gnu/usr.bin/man/man/man.c	25 Jan 2002 18:50:49 -0000
 @@ -533,7 +533,7 @@
    if ((command = (char *) malloc(len)) == NULL)
      gripe_alloc (len, "command");
  
 -  sprintf (command, "%s \"%s\"", APROPOS, name);
 +  sprintf (command, "%s \'%s\'", APROPOS, name);
  
    (void) do_system_command (command);
  
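Review bot: Switching the format string in the sprintf line to single quotes does not close the hole when name itself contains a ' character: that character ends the quoted string, and the remainder of name is then parsed by the shell behind do_system_command. Each ' in name needs to be rewritten as '\'' before formatting, and the len passed to malloc above has to grow to cover that expansion (up to four bytes per input byte). A style point on the same line: \' inside a C string literal is just ', so the backslashes can be dropped.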
 
 cheers,
 mike makonnen
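
The quoting discussed in this thread, as an added example that is not part of the original message or of man.c: a helper that single-quotes a string for /bin/sh and also escapes any single quote inside it. The function names and the apropos path are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wrap s in single quotes for /bin/sh. Inside single quotes only ' is
 * special, so each ' is written as '\'' (close, escaped quote, reopen).
 * Worst case is 4 output bytes per input byte, plus two quotes and NUL.
 * Returns a malloc'd string, or NULL on allocation failure or overflow. */
char *sh_single_quote(const char *s)
{
    size_t n = strlen(s);
    char *out, *p;
    if (n > (SIZE_MAX - 3) / 4 || (out = malloc(4 * n + 3)) == NULL)
        return NULL;
    p = out;
    *p++ = '\'';
    for (; *s != '\0'; s++) {
        if (*s == '\'') {
            memcpy(p, "'\\''", 4);
            p += 4;
        } else
            *p++ = *s;
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Hypothetical helper: build "<apropos> <quoted name>" as one command. */
char *build_apropos_command(const char *apropos, const char *name)
{
    char *quoted = sh_single_quote(name), *cmd;

    if (quoted == NULL)
        return NULL;
    size_t len = strlen(apropos) + strlen(quoted) + 2; /* space + NUL */
    if ((cmd = malloc(len)) != NULL)
        snprintf(cmd, len, "%s %s", apropos, quoted);
    free(quoted);
    return cmd;
}

int main(void)
{
    /* Constructed input; "/usr/bin/apropos" is a placeholder path. */
    char *cmd = build_apropos_command("/usr/bin/apropos", "it's");
    if (cmd != NULL) puts(cmd);
    free(cmd);
    return 0;
}
```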
