Displaying 1 result from an estimated 1 matches for "put_entries".
2004 May 03
4
ctags(1) command execution vulnerability
...%s OTAGS; fgrep -v '\t%s\t' OTAGS >%s; rm OTAGS",
+ "mv '%s' OTAGS; fgrep -v '\t%s\t' OTAGS >'%s'; rm OTAGS",
outfile, argv[step], outfile);
if (cmd == NULL)
err(1, "out of space");
@@ -181,7 +181,7 @@
put_entries(head);
(void)fclose(outf);
if (uflag) {
- (void)asprintf(&cmd, "sort -o %s %s",
+ (void)asprintf(&cmd, "sort -o '%s' '%s'",
outfile, outfile);
if (cmd == NULL)
err(1, "out of space");
-Roman Bogorodskiy
-----...