This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Makewhatis problem in Man 1.5p-1


Actually, I have merged the patch in the next release candidate but I cannot release it in the current form (attached).

Here is the problem: once the patch is in place, the quoted mode of the is_shell_safe() function becomes useless, as the main difference is an increment to skip checking for whitespace (in src/util.c).

In the current form, however, the patch removes bad[0] (which used to be whitespace), and as a result the ++ increment results in quoted strings not being checked for ';'.

This is perhaps not all that dangerous, but still sloppy. I point it out here because I understand that the CYGWIN codebase currently ships the patch.

Input and corrections are welcome.

Best -F

Federico Lucifredi wrote:
Hello Volker,
 Thank you for passing over the patch, I had misunderstood Bruce's report for another issue.

Patch merged in 1.6f candidate, it will be in the next release.

Best -Federico


_________________________________________ -- "'Problem' is a bleak word for challenge" - Richard Fish (Federico L. Lucifredi)-





--

_________________________________________
-- "'Problem' is a bleak word for challenge" - Richard Fish
(Federico L. Lucifredi) - http://www.lucifredi.com
diff -urN -x CYGWIN-PATCHES -x 'aclocal.m4*' -x ltmain.sh -x 'config.*' -x depcomp -x install-sh -x missing -x mkinstalldirs -x autom4te.cache -x '*compile' -x Makefile.in.in -x 'intltool*.in' -x 'xml-i18n-*.in' -x '*.pyc' -x '*.mo' -x '*.gmo' -x ABOUT-NLS -x Makevars.template -x COPYING -x INSTALL -x '*.orig' -x '*.rej' -x '*~' -x '*.temp' -x texinfo.tex -x ylwrap -x gnome-doc-utils.make -x gnome-doc-utils.m4 -x intltool.m4 -x omf.make -x xmldocs.make origsrc/man-1.6d/src/man.c src/man-1.6d/src/man.c
--- origsrc/man-1.6d/src/man.c	2006-05-01 22:34:22.000000000 +0200
+++ src/man-1.6d/src/man.c	2006-11-17 11:35:39.049579200 +0100
@@ -781,10 +781,10 @@
 	     But it changes the meaning of man_file and cat_file,
 	     if these are not absolute. */
 	
-	  command = my_xsprintf("(cd %S && %s | %S > %S)", path,
+	  command = my_xsprintf("(cd \"%S\" && %s | %S > %S)", path,
 		   roff_command, getval("COMPRESS"), cat_file);
      else
-	  command = my_xsprintf ("(cd %S && %s > %S)", path,
+	  command = my_xsprintf ("(cd \"%S\" && %s > %S)", path,
 		   roff_command, cat_file);
 
      /*
@@ -829,9 +829,9 @@
      if (roff_command == NULL)
 	  return 0;
      if (do_troff)
-	  command = my_xsprintf ("(cd %S && %s)", path, roff_command);
+	  command = my_xsprintf ("(cd \"%S\" && %s)", path, roff_command);
      else
-	  command = my_xsprintf ("(cd %S && %s | %s)", path,
+	  command = my_xsprintf ("(cd \"%S\" && %s | %s)", path,
 		   roff_command, pager);
 
      return !do_system_command (command, 0);
@@ -940,7 +940,7 @@
 	  if (roff_command == NULL)
 	       return 0;
 
-	  command = my_xsprintf("(cd %S && %s)", path, roff_command);
+	  command = my_xsprintf("(cd \"%S\" && %s)", path, roff_command);
 	  return !do_system_command (command, 0);
      }
 
diff -urN -x CYGWIN-PATCHES -x 'aclocal.m4*' -x ltmain.sh -x 'config.*' -x depcomp -x install-sh -x missing -x mkinstalldirs -x autom4te.cache -x '*compile' -x Makefile.in.in -x 'intltool*.in' -x 'xml-i18n-*.in' -x '*.pyc' -x '*.mo' -x '*.gmo' -x ABOUT-NLS -x Makevars.template -x COPYING -x INSTALL -x '*.orig' -x '*.rej' -x '*~' -x '*.temp' -x texinfo.tex -x ylwrap -x gnome-doc-utils.make -x gnome-doc-utils.m4 -x intltool.m4 -x omf.make -x xmldocs.make origsrc/man-1.6d/src/util.c src/man-1.6d/src/util.c
--- origsrc/man-1.6d/src/util.c	2006-05-01 22:34:49.000000000 +0200
+++ src/man-1.6d/src/util.c	2006-11-17 11:36:52.875736000 +0100
@@ -242,7 +242,7 @@
 
 static int
 is_shell_safe(const char *ss, int quoted) {
-	char *bad = " ;'\\\"<>|";
+	char *bad = ";'\\\"<>|";
 	char *p;
 
 	if (quoted)
--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]