mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-20 20:09:11 +00:00
- Add patch to properly escape paths and passwords in shell calls.
- While here, remove MD5 from distinfo. Reported by: Keith Waters <keith@waters.co.za> Patch by: Richard Corner Obtained from: https://bugs.launchpad.net/ubuntu/+source/fcrackzip/+bug/350640
This commit is contained in:
Stefan Walter
parent
5bfe2a8864
commit
912acdae05
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=274237
@ -7,6 +7,7 @@
|
||||
|
||||
PORTNAME= fcrackzip
|
||||
PORTVERSION= 1.0
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security archivers
|
||||
MASTER_SITES= http://oldhome.schmorp.de/data/marc/ \
|
||||
http://distfiles.macports.org/${PORTNAME}/
|
||||
|
||||
@ -1,3 +1,2 @@
|
||||
MD5 (fcrackzip-1.0.tar.gz) = 254941f51759f9425965f4b05fe7ac2c
|
||||
SHA256 (fcrackzip-1.0.tar.gz) = 4a58c8cb98177514ba17ee30d28d4927918bf0bdc3c94d260adfee44d2d43850
|
||||
SIZE (fcrackzip-1.0.tar.gz) = 114786
|
||||
|
||||
116
security/fcrackzip/files/patch-main.c
Normal file
116
security/fcrackzip/files/patch-main.c
Normal file
@ -0,0 +1,116 @@
|
||||
--- main.c.orig 2005-09-10 21:58:44.000000000 +0200
|
||||
+++ main.c 2011-05-17 21:59:32.000000000 +0200
|
||||
@@ -44,13 +44,112 @@
|
||||
|
||||
static FILE *dict_file;
|
||||
|
||||
+char *
|
||||
+path_for_shell (char *dest, const char *str)
|
||||
+{
|
||||
+ /* backslash shell special charatcers */
|
||||
+
|
||||
+ char ch, *p = dest;
|
||||
+ size_t len = strlen(str);
|
||||
+ int i;
|
||||
+
|
||||
+ for (i = 0; i < len; i++)
|
||||
+ {
|
||||
+ ch = str[i];
|
||||
+
|
||||
+ switch (ch)
|
||||
+ {
|
||||
+ /* ASCII table order */
|
||||
+ case 0x20: /* space */
|
||||
+ case '!':
|
||||
+ case '"':
|
||||
+ case '#':
|
||||
+ case '$':
|
||||
+ case '&':
|
||||
+ case 0x27: /* single quote */
|
||||
+ case '(':
|
||||
+ case ')':
|
||||
+ case '*':
|
||||
+ case '+':
|
||||
+ case 0x2C: /* comma */
|
||||
+ case ':':
|
||||
+ case ';':
|
||||
+ case '<':
|
||||
+ case '>':
|
||||
+ case '?':
|
||||
+ case '[':
|
||||
+ case '\\':
|
||||
+ case ']':
|
||||
+ case '^':
|
||||
+ case '`':
|
||||
+ case '{':
|
||||
+ case '|':
|
||||
+ case '}':
|
||||
+ case '~':
|
||||
+ /* backslash special characters */
|
||||
+ *p++ = '\\';
|
||||
+ *p++ = ch;
|
||||
+ break;
|
||||
+ default:
|
||||
+ *p++ = ch;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* terminate string */
|
||||
+ *p = '\0';
|
||||
+
|
||||
+ return dest;
|
||||
+}
|
||||
+
|
||||
+char *
|
||||
+escape_pw (char *dest, const char *str)
|
||||
+{
|
||||
+ /* backslash shell special charatcers */
|
||||
+
|
||||
+ char ch, *p = dest;
|
||||
+ size_t len = strlen(str);
|
||||
+ int i;
|
||||
+
|
||||
+ for (i = 0; i < len; i++)
|
||||
+ {
|
||||
+ ch = str[i];
|
||||
+
|
||||
+ switch (ch)
|
||||
+ {
|
||||
+ /* ASCII table order */
|
||||
+ case '"':
|
||||
+ case '$':
|
||||
+ case 0x27: /* single quote */
|
||||
+ case '\\':
|
||||
+ case '`':
|
||||
+ /* backslash special characters */
|
||||
+ *p++ = '\\';
|
||||
+ *p++ = ch;
|
||||
+ break;
|
||||
+ default:
|
||||
+ *p++ = ch;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* terminate string */
|
||||
+ *p = '\0';
|
||||
+
|
||||
+ return dest;
|
||||
+}
|
||||
+
|
||||
int REGPARAM
|
||||
check_unzip (const char *pw)
|
||||
{
|
||||
char buff[1024];
|
||||
+ char path[1024];
|
||||
+ char escpw[256];
|
||||
int status;
|
||||
|
||||
- sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, pw, file_path[0]);
|
||||
+ escape_pw (escpw, pw);
|
||||
+ path_for_shell (path, file_path[0]);
|
||||
+
|
||||
+ sprintf (buff, "unzip -qqtP \"%s\" %s " DEVNULL, escpw, path);
|
||||
+
|
||||
status = system (buff);
|
||||
|
||||
#undef REDIR
|
||||
Loading…
Reference in New Issue
Block a user