[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] check empty callback in mapfile

From: Chet Ramey
Subject: Re: [PATCH] check empty callback in mapfile
Date: Sun, 10 May 2015 22:06:27 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

On 5/10/15 5:57 AM, isabella parakiss wrote:
> In builtins/mapfile.def there's this line:
> snprintf (execstr, execlen, "%s %d %s", callback, curindex, qline);
> If the callback is empty, bash runs '<space><number><space><line>'
> This smells a lot like code injection.

It might smell like that, but it looks more like something self-

``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]