[evolution] Quote filename during restore to prevent user assisted arbitrary code execution



commit 8cff3c4e4cf078307c600bb5ce69f50912abdd63
Author: Tobias Mueller <tobiasmue gnome org>
Date:   Wed Nov 4 00:09:27 2009 +0000

    Quote filename during restore to prevent user assisted arbitrary code execution
    
    Fixes bug 540516.

 plugins/backup-restore/backup-restore.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)
---
diff --git a/plugins/backup-restore/backup-restore.c b/plugins/backup-restore/backup-restore.c
index 82309a7..ed7401e 100644
--- a/plugins/backup-restore/backup-restore.c
+++ b/plugins/backup-restore/backup-restore.c
@@ -73,10 +73,14 @@ sanity_check (const gchar *filename)
 {
 	gchar *command;
 	gint result;
+	gchar *quotedfname;
 
-	command = g_strdup_printf ("%s/evolution-backup --check %s", EVOLUTION_TOOLSDIR, filename);
+	quotedfname = g_shell_quote(filename);
+
+	command = g_strdup_printf ("%s/evolution-backup --check %s", EVOLUTION_TOOLSDIR, quotedfname);
 	result = system (command);
 	g_free (command);
+	g_free (quotedfname);
 
 #ifdef HAVE_SYS_WAIT_H
 	g_message ("Sanity check result %d:%d %d", WIFEXITED (result), WEXITSTATUS (result), result);
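Review bot: The `system (command)` call on the line after the new `g_strdup_printf` still routes the filename through a shell, so the fix depends on `g_shell_quote` being applied at every call site that builds such a command; building an argv array and running it with `g_spawn_sync` (no shell involved) would remove the quoting requirement entirely rather than satisfy it. The quoting itself is correct as written, and both `command` and `quotedfname` are freed. A short comment above the `g_shell_quote` line would tell the next maintainer why the quoting is load-bearing, e.g. `/* filename is user-supplied and is passed to a shell via system(); it must be quoted */`. `sanity_check` begins and ends outside the hunk, so the handling of a `system` return of -1 (spawn failure, not a checker result) could not be confirmed here.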


