[Pkg-clamav-devel] Bug#781091: Bug#781091: clamav-freshclam: illegal characters in init script
Kiss Gabor (Bitman)
kissg at ssg.ki.iif.hu
Tue Mar 24 17:41:22 UTC 2015
Dear Sebastian,
> >Please check pathfind() function in /etc/init.d/clamav-freshclam.
> >
> >All double quotes (", ASCII 34, 0x22) are replaced by strange UTF-8
> >byte sequences e2 80 9d (U+201D, RIGHT DOUBLE QUOTATION MARK).
>
> aside from the fact that this should not be there, do you have
> limitations / problems with this? I'm going to fix this but I just
> wanted to know what problems this causes.
Do you mean "beyond confusing the user with no UTF-8 capable terminal"? :-)
Probably no functional error is expected.
But after the two make_dir function call in line 278, 279
special variable IFS contains unwanted chars too
that may - in theory - cause problems in word splitting later.
Look this for example:
chown $DatabaseOwner $PidFile
If unquoted $DatabaseOwner (that may be be overridden by config file)
- accidentally - contains any of the above bytes the command will
be applied to more than one file. (Errr... $PidFile is also vulnerable.)
Gabor
--
A mug of beer, please. Shaken, not stirred.
More information about the Pkg-clamav-devel
mailing list