[BUG] Missing new line in cmd.cgi [3.0.5] - PATCH included
Andreas Ericsson
ae at op5.se
Thu Nov 6 17:01:14 CET 2008
Hendrik Bäcker wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hendrik Bäcker schrieb:
>> @Andreas: Do you see any security risk when putting an "\n" to the
>> end of cmd in "cmd_submitf()"? Seems to me as the easiest way.
>>
> Hey,
>
> this might help even in a secure manner:
>
> - --- cmd.c 2008-11-06 15:11:33.000000000 +0100
> +++ cmd.c.patched 2008-11-06 15:05:44.000000000 +0100
> @@ -2250,6 +2250,7 @@
>
> /* write the command to file */
> fputs(cmd,fp);
> + fputs("\n",fp);
>
It should be be done as a single write. I'll come up with something.
I was stupid enough to think that fputs() works like puts() in that
it also writes out the newline. Reading 'man fputs', I guess I was
wrong.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
More information about the Developers
mailing list