Displaying 1 result from an estimated 1 matches for "validatenam".
Did you mean:
validatename
2004 May 03
4
ctags(1) command execution vulnerability
Hello,
ctags(1) uses external application sort(1) for sorting the tags file.
It calls it via system(3) function.
Look at the /usr/src/usr.bin/ctags/ctags.c file, there are such lines
here:
if (uflag) {
(void)asprintf(&cmd, "sort -o %s %s",
outfile, outfile);
if (cmd == NULL)
err(1, "out of space");
system(cmd);
free(cmd);
cmd = NULL;
}
This code will be