Mail Archives: cygwin/2006/11/22/13:41:16
--------------070807050408020607000309
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Actually, I have merged the patch in the next release candidate but I
cannot release it in the current form (attached).
Here is the problem: once the patch is in place, the quoted mode of the
is_shell_safe() function becomes useless, as the main difference is an
increment to skip checking for whitespace (in src/util.c).
In the current form, however, the patch removes bad[0] (which used to be
whitespace), and as a result the ++ increment results in quoted strings
not being checked for ';'.
This is perhaps not all that dangerous, but still sloppy. I point it out
here because I understand that the CYGWIN codebase currently ships the
patch.
Input and corrections are welcome.
Best -F
Federico Lucifredi wrote:
> Hello Volker,
> Thank you for passing over the patch, I had misunderstood Bruce's report for another issue.
>
> Patch merged in 1.6f candidate, it will be in the next release.
>
> Best -Federico
>
>
> _________________________________________
> -- "'Problem' is a bleak word for challenge" - Richard Fish
> (Federico L. Lucifredi)-
>
>
>
--
_________________________________________
-- "'Problem' is a bleak word for challenge" - Richard Fish
(Federico L. Lucifredi) - http://www.lucifredi.com
--------------070807050408020607000309
Content-Type: text/plain;
name="man-1.6d.safe.patch"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="man-1.6d.safe.patch"
ZGlmZiAtdXJOIC14IENZR1dJTi1QQVRDSEVTIC14ICdhY2xvY2FsLm00Kicg
LXggbHRtYWluLnNoIC14ICdjb25maWcuKicgLXggZGVwY29tcCAteCBpbnN0
YWxsLXNoIC14IG1pc3NpbmcgLXggbWtpbnN0YWxsZGlycyAteCBhdXRvbTR0
ZS5jYWNoZSAteCAnKmNvbXBpbGUnIC14IE1ha2VmaWxlLmluLmluIC14ICdp
bnRsdG9vbCouaW4nIC14ICd4bWwtaTE4bi0qLmluJyAteCAnKi5weWMnIC14
ICcqLm1vJyAteCAnKi5nbW8nIC14IEFCT1VULU5MUyAteCBNYWtldmFycy50
ZW1wbGF0ZSAteCBDT1BZSU5HIC14IElOU1RBTEwgLXggJyoub3JpZycgLXgg
JyoucmVqJyAteCAnKn4nIC14ICcqLnRlbXAnIC14IHRleGluZm8udGV4IC14
IHlsd3JhcCAteCBnbm9tZS1kb2MtdXRpbHMubWFrZSAteCBnbm9tZS1kb2Mt
dXRpbHMubTQgLXggaW50bHRvb2wubTQgLXggb21mLm1ha2UgLXggeG1sZG9j
cy5tYWtlIG9yaWdzcmMvbWFuLTEuNmQvc3JjL21hbi5jIHNyYy9tYW4tMS42
ZC9zcmMvbWFuLmMNCi0tLSBvcmlnc3JjL21hbi0xLjZkL3NyYy9tYW4uYwky
MDA2LTA1LTAxIDIyOjM0OjIyLjAwMDAwMDAwMCArMDIwMA0KKysrIHNyYy9t
YW4tMS42ZC9zcmMvbWFuLmMJMjAwNi0xMS0xNyAxMTozNTozOS4wNDk1Nzky
MDAgKzAxMDANCkBAIC03ODEsMTAgKzc4MSwxMCBAQA0KIAkgICAgIEJ1dCBp
dCBjaGFuZ2VzIHRoZSBtZWFuaW5nIG9mIG1hbl9maWxlIGFuZCBjYXRfZmls
ZSwNCiAJICAgICBpZiB0aGVzZSBhcmUgbm90IGFic29sdXRlLiAqLw0KIAkN
Ci0JICBjb21tYW5kID0gbXlfeHNwcmludGYoIihjZCAlUyAmJiAlcyB8ICVT
ID4gJVMpIiwgcGF0aCwNCisJICBjb21tYW5kID0gbXlfeHNwcmludGYoIihj
ZCBcIiVTXCIgJiYgJXMgfCAlUyA+ICVTKSIsIHBhdGgsDQogCQkgICByb2Zm
X2NvbW1hbmQsIGdldHZhbCgiQ09NUFJFU1MiKSwgY2F0X2ZpbGUpOw0KICAg
ICAgZWxzZQ0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZiAoIihjZCAlUyAm
JiAlcyA+ICVTKSIsIHBhdGgsDQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRm
ICgiKGNkIFwiJVNcIiAmJiAlcyA+ICVTKSIsIHBhdGgsDQogCQkgICByb2Zm
X2NvbW1hbmQsIGNhdF9maWxlKTsNCiANCiAgICAgIC8qDQpAQCAtODI5LDkg
KzgyOSw5IEBADQogICAgICBpZiAocm9mZl9jb21tYW5kID09IE5VTEwpDQog
CSAgcmV0dXJuIDA7DQogICAgICBpZiAoZG9fdHJvZmYpDQotCSAgY29tbWFu
ZCA9IG15X3hzcHJpbnRmICgiKGNkICVTICYmICVzKSIsIHBhdGgsIHJvZmZf
Y29tbWFuZCk7DQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRmICgiKGNkIFwi
JVNcIiAmJiAlcykiLCBwYXRoLCByb2ZmX2NvbW1hbmQpOw0KICAgICAgZWxz
ZQ0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZiAoIihjZCAlUyAmJiAlcyB8
ICVzKSIsIHBhdGgsDQorCSAgY29tbWFuZCA9IG15X3hzcHJpbnRmICgiKGNk
IFwiJVNcIiAmJiAlcyB8ICVzKSIsIHBhdGgsDQogCQkgICByb2ZmX2NvbW1h
bmQsIHBhZ2VyKTsNCiANCiAgICAgIHJldHVybiAhZG9fc3lzdGVtX2NvbW1h
bmQgKGNvbW1hbmQsIDApOw0KQEAgLTk0MCw3ICs5NDAsNyBAQA0KIAkgIGlm
IChyb2ZmX2NvbW1hbmQgPT0gTlVMTCkNCiAJICAgICAgIHJldHVybiAwOw0K
IA0KLQkgIGNvbW1hbmQgPSBteV94c3ByaW50ZigiKGNkICVTICYmICVzKSIs
IHBhdGgsIHJvZmZfY29tbWFuZCk7DQorCSAgY29tbWFuZCA9IG15X3hzcHJp
bnRmKCIoY2QgXCIlU1wiICYmICVzKSIsIHBhdGgsIHJvZmZfY29tbWFuZCk7
DQogCSAgcmV0dXJuICFkb19zeXN0ZW1fY29tbWFuZCAoY29tbWFuZCwgMCk7
DQogICAgICB9DQogDQpkaWZmIC11ck4gLXggQ1lHV0lOLVBBVENIRVMgLXgg
J2FjbG9jYWwubTQqJyAteCBsdG1haW4uc2ggLXggJ2NvbmZpZy4qJyAteCBk
ZXBjb21wIC14IGluc3RhbGwtc2ggLXggbWlzc2luZyAteCBta2luc3RhbGxk
aXJzIC14IGF1dG9tNHRlLmNhY2hlIC14ICcqY29tcGlsZScgLXggTWFrZWZp
bGUuaW4uaW4gLXggJ2ludGx0b29sKi5pbicgLXggJ3htbC1pMThuLSouaW4n
IC14ICcqLnB5YycgLXggJyoubW8nIC14ICcqLmdtbycgLXggQUJPVVQtTkxT
IC14IE1ha2V2YXJzLnRlbXBsYXRlIC14IENPUFlJTkcgLXggSU5TVEFMTCAt
eCAnKi5vcmlnJyAteCAnKi5yZWonIC14ICcqficgLXggJyoudGVtcCcgLXgg
dGV4aW5mby50ZXggLXggeWx3cmFwIC14IGdub21lLWRvYy11dGlscy5tYWtl
IC14IGdub21lLWRvYy11dGlscy5tNCAteCBpbnRsdG9vbC5tNCAteCBvbWYu
bWFrZSAteCB4bWxkb2NzLm1ha2Ugb3JpZ3NyYy9tYW4tMS42ZC9zcmMvdXRp
bC5jIHNyYy9tYW4tMS42ZC9zcmMvdXRpbC5jDQotLS0gb3JpZ3NyYy9tYW4t
MS42ZC9zcmMvdXRpbC5jCTIwMDYtMDUtMDEgMjI6MzQ6NDkuMDAwMDAwMDAw
ICswMjAwDQorKysgc3JjL21hbi0xLjZkL3NyYy91dGlsLmMJMjAwNi0xMS0x
NyAxMTozNjo1Mi44NzU3MzYwMDAgKzAxMDANCkBAIC0yNDIsNyArMjQyLDcg
QEANCiANCiBzdGF0aWMgaW50DQogaXNfc2hlbGxfc2FmZShjb25zdCBjaGFy
ICpzcywgaW50IHF1b3RlZCkgew0KLQljaGFyICpiYWQgPSAiIDsnXFxcIjw+
fCI7DQorCWNoYXIgKmJhZCA9ICI7J1xcXCI8PnwiOw0KIAljaGFyICpwOw0K
IA0KIAlpZiAocXVvdGVkKQ0K
--------------070807050408020607000309
Content-Type: text/plain; charset=us-ascii
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
--------------070807050408020607000309--
- Raw text -