1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-27 05:10:36 +00:00

Update to 0.5.5.

This commit is contained in:
Roman Bogorodskiy 2005-10-09 10:22:50 +00:00
parent e9669d49c2
commit 3fca075492
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=144665
3 changed files with 3 additions and 66 deletions

View File

@ -6,8 +6,7 @@
#
PORTNAME= wzdftpd
PORTVERSION= 0.5.4
PORTREVISION= 1
PORTVERSION= 0.5.5
CATEGORIES= ftp ipv6
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}

View File

@ -1,2 +1,2 @@
MD5 (wzdftpd-0.5.4.tar.gz) = 42307e6cceb5e037aa26d5e8dac4af1b
SIZE (wzdftpd-0.5.4.tar.gz) = 812944
MD5 (wzdftpd-0.5.5.tar.gz) = 1775a54dbbc71cea8a0e18676e627ce7
SIZE (wzdftpd-0.5.5.tar.gz) = 813070

View File

@ -1,62 +0,0 @@
--- src/wzd_mod.c.orig 2005-09-26 09:34:42.000000000 +0200
+++ src/wzd_mod.c 2005-09-26 09:46:41.000000000 +0200
@@ -102,6 +102,7 @@
} protocol_handler_t;
static int _hook_print_file(const char *filename, wzd_context_t *context);
+void _cleanup_shell_command(char * buffer, size_t length);
static protocol_handler_t * proto_handler_list=NULL;
static unsigned int _reply_code;
@@ -378,6 +379,8 @@
{
*(buffer+l_command++) = ' ';
(void)wzd_strncpy(buffer + l_command, buffer_args, sizeof(buffer) - l_command - 1);
+ /* SECURITY filter buffer for shell special characters ! */
+ _cleanup_shell_command(buffer,sizeof(buffer));
if ( (command_output = popen(buffer,"r")) == NULL ) {
out_log(LEVEL_HIGH,"Hook '%s': unable to popen\n",hook->external_command);
return 1;
@@ -438,6 +441,8 @@
else
{
/* *(buffer+l_command++) = ' ';*/
+ /* SECURITY filter buffer for shell special characters ! */
+ _cleanup_shell_command(buffer,sizeof(buffer));
if ( (command_output = popen(buffer,"r")) == NULL ) {
out_log(LEVEL_HIGH,"Hook '%s': unable to popen\n",hook->external_command);
return 1;
@@ -733,6 +738,8 @@
}
+/*************** STATIC ****************/
+
static int _hook_print_file(const char *filename, wzd_context_t *context)
{
wzd_cache_t * fp;
@@ -765,3 +772,24 @@
return 0;
}
+
+void _cleanup_shell_command(char * buffer, size_t length)
+{
+ const char * specials = "$\\|;!`()'\"#.,:*?{}[]&<>-~";
+ size_t i,j;
+ char * buf2;
+
+ buf2 = wzd_malloc(length);
+
+ for (i=0,j=0; buffer[i]!='\0' && i<length && j<length; i++,j++) {
+ if (strchr(specials,buffer[i]) != NULL) {
+ if (j+1 >= length) { buf2[j]='\0'; break; }
+ buf2[j++] = '\\';
+ }
+ buf2[j] = buffer[i];
+ }
+
+ wzd_strncpy(buffer,buf2,length);
+ wzd_free(buf2);
+}
+