[BUG] Missing new line in cmd.cgi [3.0.5] - PATCH included

Andreas Ericsson ae at op5.se
Thu Nov 6 17:01:14 CET 2008


Hendrik Bäcker wrote:
> Hendrik Bäcker wrote:
>> @Andreas: Do you see any security risk when putting an "\n" to the
>> end of cmd in "cmd_submitf()"? Seems to me as the easiest way.
>>
> Hey,
> 
> this might help even in a secure manner:
> 
> - --- cmd.c       2008-11-06 15:11:33.000000000 +0100
> +++ cmd.c.patched       2008-11-06 15:05:44.000000000 +0100
> @@ -2250,6 +2250,7 @@
> 
>         /* write the command to file */
>         fputs(cmd,fp);
> +       fputs("\n",fp);
> 
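Review bot: The added fputs("\n",fp) directly after fputs(cmd,fp) sends the command and its terminator as two separate stdio calls, and neither return value is checked, so a failure between them can leave an unterminated command in the file without the caller noticing. Append the newline to cmd before the existing fputs (or where cmd is formatted, as the question about cmd_submitf() suggests) so there is one call to check, and treat EOF from it as a failed submission.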

It should be done as a single write. I'll come up with something.

I was stupid enough to think that fputs() works like puts() in that
it also writes out the newline. Reading 'man fputs', I guess I was
wrong.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231
