bug-global

Re: htags cgi bug on win32


From: Shigio YAMAGUCHI
Subject: Re: htags cgi bug on win32
Date: Thu, 15 Feb 2007 09:14:02 +0900

Hello,
> Well, the HTML which htags generated with cgi option can't search on Win32
> Platform.
> 
> I dug into the problem and found that:
> 
> htags/global.cgi :
> open(PIPE, "-|") || exec '@globalpath@', '--result=ctags-xid', '-e',
> $pattern;
> 
> The problem is, the "-|" is not supported on Win32.
> 
> So, I wrote this patch.
> 
> Please review it.

It seems that the patch is vulnerable to the attack called
'OS command injection'. Since the method which uses
'open(PIPE, "-|") || exec' is safe in a UNIX environment,
I hesitate to change it.

I will accept any patch for Windows if it works well without
a security hole and it doesn't influence the UNIX environment.

Anyway, thank you for your report.
--
Shigio YAMAGUCHI <address@hidden> - Tama Communications Corporation
PGP fingerprint: D1CB 0B89 B346 4AB6 5663  C4B6 3CA5 BBB3 57BE DDA3
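
The property that makes the 'open(PIPE, "-|") || exec' form safe, shown as an added example (not code from global.cgi or from this thread): exec receives a list, so no shell ever parses $pattern. The helper name run_argv, the sample pattern, and the use of the Perl interpreter ($^X) as a stand-in for the global binary are assumptions; it needs a platform where open(..., "-|") can fork, which the report above says Win32 cannot.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: run a command through the implicit-fork pipe idiom
# used by global.cgi and return the child's output lines.
sub run_argv {
    my @cmd = @_;
    my $pid = open(my $pipe, '-|');   # forks; the child's STDOUT is the pipe
    # Unlike the bare '|| exec' idiom, stop if fork fails instead of
    # letting the parent fall through to exec.
    die "cannot fork: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: list-form exec hands @cmd to the OS as an argv array.
        # No shell is started, so metacharacters are never interpreted.
        exec { $cmd[0] } @cmd;
        die "exec $cmd[0] failed: $!";
    }
    my @out = <$pipe>;
    close($pipe) or warn "child exited with status $?\n";
    chomp @out;
    return @out;
}

# Constructed sample input: a search pattern full of shell metacharacters.
my $pattern = q{foo*; echo injected $HOME};

# Stand-in for '@globalpath@': a child that prints its argument count and
# then each argument on its own line, so we can see what it received.
my $echo_argv = 'print scalar(@ARGV), "\n"; print "$_\n" for @ARGV;';
my @out = run_argv($^X, '-e', $echo_argv, '--',
                   '--result=ctags-xid', '-e', $pattern);

# The child must see exactly three arguments, the last one byte-for-byte
# equal to the pattern: nothing expanded, split, or executed.
die "argument was altered\n"
    unless @out == 4 && $out[0] == 3 && $out[3] eq $pattern;
print "pattern reached the child as one literal argument: $out[3]\n";
```

Any Windows replacement has to keep this property: the pattern must reach the child as a single argument, never spliced into a command string.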



