[Pkg-pascal-devel] Bug#1053373: winff: shell injection
Peter B
peter at pblackman.plus.com
Mon Feb 19 14:36:07 GMT 2024

On Fri, 26 Jan 2024 22:45:28 +0100 Jakub Wilk <jwilk at jwilk.net> wrote:
 > Control: found -1 1.6.2+dfsg-2
 >
 > The fix is insufficient. To reproduce, try converting the file created
 > by this command:
 >
 > touch '`cowsay pwned >&2; sleep inf`.mp3'
 >
I'm now escaping backticks. This fixes the issue with the above file.

 > Single-quoted strings are better suited for shell-escaping, because the
 > only character to care of is the single quote itself. That is, the whole
 > escaping procedure could look like this:
 >
 > 1) Replace every ' character with: '\''
 >
 > 2) Add single quotes around the whole thing.
 >
Noted. Thanks for the suggestion.
However, I'm wary of a more invasive change, and more divergence between
Linux & Windows codepaths, so have stuck with the simpler solution for now.
Regards,
Peter
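The single-quote procedure Jakub describes, as an added example written for this thread (Python, not winff's own Pascal code). It assumes a POSIX /bin/sh is available; the function names are hypothetical, and the round-trip check shows that the filename from the bug report reaches the shell as plain text rather than as a command.

```python
import subprocess


def shell_single_quote(s: str) -> str:
    """Quote s for a POSIX shell the way Jakub suggests:
    1) replace every ' with '\\'' (close quote, escaped quote, reopen quote),
    2) wrap the whole thing in single quotes.
    Inside single quotes the shell treats backticks, $, ;, > and & as literal text.
    """
    return "'" + s.replace("'", "'\\''") + "'"


def roundtrip_through_sh(filename: str) -> str:
    """Hand the quoted name to /bin/sh and return the single argument the shell
    passed on to printf. With correct quoting this equals the original name and
    nothing embedded in it is executed (hypothetical helper for this example)."""
    cmd = "printf '%s' " + shell_single_quote(filename)
    result = subprocess.run(["sh", "-c", cmd], capture_output=True, check=True)
    return result.stdout.decode()


# Constructed sample names: the one from the bug report plus two that exercise
# the characters single-quoting has to handle (embedded ' and $(...), double quotes).
SAMPLE_NAMES = [
    "`cowsay pwned >&2; sleep inf`.mp3",
    "it's a $(date) 'video'.mp3",
    'plain "double" name.mp3',
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(shell_single_quote(name), "->", repr(roundtrip_through_sh(name)))
```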