Date: Wed, 18 Aug 2004 16:00:54 GMT
From: Rudolf Polzer <polzer@informatik.uni-frankfurt.de>
To: freebsd-ports-bugs@FreeBSD.org
Subject: Re: ports/70618: print/a2ps-* using "file -L %s" as shell argument --> dangerous to use it in world-writable directories
Message-ID: <200408181600.i7IG0su5035078@freefall.freebsd.org>
The following reply was made to PR ports/70618; it has been noted by GNATS.

From: Rudolf Polzer <polzer@informatik.uni-frankfurt.de>
To: freebsd-gnats-submit@FreeBSD.org
Cc:
Subject: Re: ports/70618: print/a2ps-* using "file -L %s" as shell argument --> dangerous to use it in world-writable directories
Date: Wed, 18 Aug 2004 17:38:39 +0200

The patch has a minor bug: in out-of-memory conditions, it attempts to free the empty string "". Perhaps one should better return NULL in this case and let the other function return NULL, too, that is, change

+ if(!outp)
+ return ""; /* perhaps one should do better error handling here */

into

+ if(!outp)
+ return NULL;

and

+ filename = shell_escape(filename);

into

+ filename = shell_escape(filename);
+ if(filename == NULL)
+ return NULL;

After that, IIRC

@@ -144,11 +174,13 @@

must be changed into

@@ -144,11 +174,15 @@

Then it should work even then.
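
Review bot: in the second replacement, `if(filename == NULL) return NULL;` turns an allocation failure in shell_escape into a NULL return from the enclosing function, and nothing in the visible lines shows that function's callers checking for NULL; please confirm each caller treats NULL as an error before the result is used or freed. In the first replacement, `return NULL;` removes the only comment on the failure path, so a one-line comment on shell_escape stating that it returns NULL on allocation failure and that the caller frees the result would document the contract the second change relies on.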
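
The error-handling shape discussed in this message, as an added example that is not part of the original post or of the a2ps patch. The names `shell_escape_example`, `build_file_command`, `alloc_fn` and `failing_alloc` are hypothetical, and single-quote wrapping is this example's assumption; the patch's own escaping scheme is not shown on the page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Allocator hook so the out-of-memory path can be exercised (example only). */
typedef void *(*alloc_fn)(size_t);
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Hypothetical stand-in for shell_escape(): wraps the name in single quotes,
 * rewriting ' as '\''. Returns NULL on failure, never a string literal. */
static char *shell_escape_example(const char *in, alloc_fn alloc)
{
    size_t len = 3;                          /* two quotes + NUL */
    for (const char *p = in; *p; p++)
        len += (*p == '\'') ? 4 : 1;
    char *out = alloc(len);
    if (!out)
        return NULL;
    char *q = out;
    *q++ = '\'';
    for (const char *p = in; *p; p++) {
        if (*p == '\'') { memcpy(q, "'\\''", 4); q += 4; }
        else *q++ = *p;
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Hypothetical caller: builds the "file -L %s" command line and propagates
 * NULL instead of formatting or freeing a pointer it does not own. */
static char *build_file_command(const char *filename, alloc_fn alloc)
{
    char *escaped = shell_escape_example(filename, alloc);
    if (escaped == NULL)
        return NULL;
    size_t len = strlen("file -L ") + strlen(escaped) + 1;
    char *cmd = alloc(len);
    if (cmd != NULL)
        snprintf(cmd, len, "file -L %s", escaped);
    free(escaped);                           /* always heap memory here */
    return cmd;
}

int main(void)
{
    char *cmd = build_file_command("report's draft; v2.ps", malloc); /* constructed name */
    if (cmd) { puts(cmd); free(cmd); }
    return build_file_command("a.ps", failing_alloc) == NULL ? 0 : 1;
}
```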