Re: [PATCH] FISH DoS when copying file with '`' in name to remote FS

[Jindrich Novy <jnovy redhat com>]

Hi Leonard,

On Wed, 2006-11-08 at 23:05 +0100, Leonard den Ottolander wrote:
> Hi Jindrich,
> 
> On Wed, 2006-11-08 at 19:37 +0100, Jindrich Novy wrote:
> > +                "file=/%s\n"
> 
> Why the substitution instead of just quoting the occurrences of %s?

I was fixing this bug by generating the scripts to log and then trying
to quote them appropriately to make them work. I was unsuccessful to fix
the script responsible for this bug by any quotation as backtick '`' did
quite bad things so that bash was unable to parse it, quoted or not.

Maybe I'm at fault here, but the problem cannot be fixed by quoting
only.

> >                  (unsigned long) s.st_size, name,
> > -                (unsigned long) s.st_size, quoted_name,
> > -                quoted_name, (unsigned long) s.st_size, quoted_name);
> > +                quoted_name, (unsigned long) s.st_size,
> > +                (unsigned long) s.st_size);
> 
> And what is this doing? Is it in any way related to the quoting issue or
> does it fix something else?

This is because fish_command() has variable arguments. So I removed the
arguments referenced by %s in the format string as I replaced some of
them by $file reference.

Jindrich
-- 
Jindrich Novy <jnovy redhat com>, http://people.redhat.com/jnovy/
(o_                                                           _o)
//\      The worst evil in the world is refusal to think.     //\
V_/_                                                         _\_V