Update of /cvsroot/gaim/gaim/src
In directory usw-pr-cvs1:/tmp/cvs-serv26287/src
Modified Files:
browser.c gaimrc.c
Log Message:
Fixed potential security vulnerability
Index: browser.c
===================================================================
RCS file: /cvsroot/gaim/gaim/src/browser.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- browser.c 17 Jun 2002 00:10:34 -0000 1.23
+++ browser.c 11 Aug 2002 09:03:32 -0000 1.24
@@ -559,6 +559,58 @@
}
+#if !GTK_CHECK_VERSION(1,3,0)
+/* From Glib 2.0 */
+/**
+ * g_shell_quote:
+ * @unquoted_string: a literal string
+ *
+ * Quotes a string so that the shell (/bin/sh) will interpret the
+ * quoted string to mean @unquoted_string. If you pass a filename to
+ * the shell, for example, you should first quote it with this
+ * function. The return value must be freed with g_free(). The
+ * quoting style used is undefined (single or double quotes may be
+ * used).
+ *
+ * Return value: quoted string
+**/
+gchar*
+g_shell_quote (const gchar *unquoted_string)
+{
+ /* We always use single quotes, because the algorithm is cheesier.
+ * We could use double if we felt like it, that might be more
+ * human-readable.
+ */
+ const gchar *p;
+ GString *dest;
+
+ g_return_val_if_fail (unquoted_string != NULL, NULL);
+
+ dest = g_string_new ("'");
+
+ p = unquoted_string;
+
+ /* could speed this up a lot by appending chunks of text at a
+ * time.
+ */
+ while (*p)
+ {
+ /* Replace literal ' with a close ', a \', and a open ' */
+ if (*p == '\'')
+ g_string_append (dest, "'\\''");
+ else
+ g_string_append_c (dest, *p);
+ ++p;
+ }
+ /* close the quote */
+ g_string_append_c (dest, '\'');
+
+ p = dest->str;
+ g_string_free (dest, FALSE);
+ return p;
+}
+#endif
+
void open_url(GtkWidget *w, char *url)
{
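Review bot: The guard `#if !GTK_CHECK_VERSION(1,3,0)` tests the GTK+ version, but the backported `g_shell_quote` is a GLib function, so the condition is better keyed to GLib itself, e.g. `#if !GLIB_CHECK_VERSION(2,0,0)`. The definition is also non-static, so it exports a symbol with the same name as the real GLib one; declaring it `static gchar *` would keep the fallback local to browser.c if no other file needs it. At the end of the function, `p` is a `const gchar *` that is returned as `gchar *`, which silently drops the qualifier; a separate `gchar *ret = dest->str;` before `g_string_free (dest, FALSE);` avoids that.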
@@ -584,7 +636,7 @@
if (pid == 0) {
char *args[4];
char command[1024];
-
+
if (web_browser == BROWSER_OPERA) {
args[0] = "opera";
args[1] = "-newwindow";
@@ -610,7 +662,9 @@
args[1] = url;
args[2] = NULL;
} else if (web_browser == BROWSER_MANUAL) {
- g_snprintf(command, sizeof(command), web_command, url);
+ char *quoted = g_shell_quote(command);
+ g_snprintf(command, sizeof(command), web_command, quoted);
+ g_free(quoted);
args[0] = "sh";
args[1] = "-c";
args[2] = command;
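Review bot: `g_shell_quote(command)` quotes the `command` buffer, which has not been written at this point, instead of the URL, so the new code reads indeterminate stack bytes and `url` never reaches the shell command at all; the line should be `char *quoted = g_shell_quote(url);`. `g_shell_quote` returns NULL when given NULL, and that result is passed straight to `g_snprintf`, so a NULL check on `quoted` is worth adding. Truncation by `g_snprintf` at `sizeof(command)` is also undetected: a long URL would lose its closing quote, and it is safer to give up on the launch than to hand a cut-off string to `sh -c`. If existing `web_command` preferences already wrap `%s` in quotes, the added quoting will combine with them, so that is worth checking against how the setting is documented. The body of open_url starts and ends outside this hunk.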
Index: gaimrc.c
===================================================================
RCS file: /cvsroot/gaim/gaim/src/gaimrc.c,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -d -r1.98 -r1.99
--- gaimrc.c 11 Aug 2002 06:42:16 -0000 1.98
+++ gaimrc.c 11 Aug 2002 09:03:32 -0000 1.99
@@ -829,9 +829,7 @@
away_resend = 120;
if (misc_options & OPT_MISC_BUDDY_TICKER) {
- char *tickerplugin = g_build_filename(LIBDIR, "ticker.so", NULL);
- load_plugin(tickerplugin);
- g_free(tickerplugin);
+ load_plugin(LIBDIR "/ticker.so");
misc_options &= ~OPT_MISC_BUDDY_TICKER;
}
}