[BUG] Missing new line in cmd.cgi [3.0.5] - PATCH included

Hendrik Bäcker andurin at process-zero.de
Thu Nov 6 15:13:19 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Hendrik Bäcker schrieb:
> @Andreas: Do you see any security risk when putting an "\n" to the
> end of cmd in "cmd_submitf()"? Seems to me as the easiest way.
>
Hey,

this might help even in a secure manner:

- --- cmd.c       2008-11-06 15:11:33.000000000 +0100
+++ cmd.c.patched       2008-11-06 15:05:44.000000000 +0100
@@ -2250,6 +2250,7 @@

        /* write the command to file */
        fputs(cmd,fp);
+       fputs("\n",fp);

        /* flush buffer */
        fflush(fp);

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
 
iD8DBQFJEvt/lI0PwfxLQjkRAhuiAJ4zQSEsvXJDcOcIu9iNv1H6T39+HQCfYC+C
kOkbZ+rIsMm4DiBoBfuKcfY=
=6f5q
-----END PGP SIGNATURE-----


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/




More information about the Developers mailing list