diff options
author | Suman Manjunath <msuman@src.gnome.org> | 2008-06-30 11:47:34 +0800 |
---|---|---|
committer | Suman Manjunath <msuman@src.gnome.org> | 2008-06-30 11:47:34 +0800 |
commit | 316d02285c002240b93640185c3e615a75394158 (patch) | |
tree | 539005624a6bfb12ac76cf0f94a4740743a88d05 | |
parent | ca8e433e239f022a7b05cf9ce10a780c28e788ec (diff) | |
download | gsoc2013-evolution-316d02285c002240b93640185c3e615a75394158.tar gsoc2013-evolution-316d02285c002240b93640185c3e615a75394158.tar.gz gsoc2013-evolution-316d02285c002240b93640185c3e615a75394158.tar.bz2 gsoc2013-evolution-316d02285c002240b93640185c3e615a75394158.tar.lz gsoc2013-evolution-316d02285c002240b93640185c3e615a75394158.tar.xz gsoc2013-evolution-316d02285c002240b93640185c3e615a75394158.tar.zst gsoc2013-evolution-316d02285c002240b93640185c3e615a75394158.zip |
Patch from Tobias Mueller <muelli@auftrags-killer.org> ** Fix for bug #540516 (Fix for a vulnerability issue).
svn path=/trunk/; revision=35700
-rw-r--r-- | plugins/backup-restore/ChangeLog | 7 | ||||
-rw-r--r-- | plugins/backup-restore/backup.c | 27 |
2 files changed, 25 insertions, 9 deletions
diff --git a/plugins/backup-restore/ChangeLog b/plugins/backup-restore/ChangeLog index ea638cf47d..04c319f227 100644 --- a/plugins/backup-restore/ChangeLog +++ b/plugins/backup-restore/ChangeLog @@ -1,3 +1,10 @@ +2008-06-30 Tobias Mueller <muelli@auftrags-killer.org> + + ** Fix for bug #540516 + + * backup.c (backup), (restore), (check): Sanitize user input while + accepting path/filename of the backup. + 2008-06-20 Milan Crha <mcrha@redhat.com> * backup.c: (main): Use Evolution icon for the window. diff --git a/plugins/backup-restore/backup.c b/plugins/backup-restore/backup.c index ddd97c287b..8711871581 100644 --- a/plugins/backup-restore/backup.c +++ b/plugins/backup-restore/backup.c @@ -62,9 +62,11 @@ static void backup (const char *filename) { char *command; + char *quotedfname; g_return_if_fail (filename && *filename); - + quotedfname = g_shell_quote(filename); + CANCEL (complete); txt = _("Shutting down Evolution"); /* FIXME Will the versioned setting always work? */ @@ -81,9 +83,10 @@ backup (const char *filename) /* FIXME compression type?" */ /* FIXME date/time stamp?" */ /* FIXME backup location?" */ - command = g_strdup_printf ("cd $HOME && tar cf - .evolution .camel_certs | gzip > %s", filename); + command = g_strdup_printf ("cd $HOME && tar cf - .evolution .camel_certs | gzip > %s", quotedfname); s (command); g_free (command); + g_free (quotedfname); txt = _("Backup complete"); @@ -102,9 +105,11 @@ static void restore (const char *filename) { char *command; - + char *quotedfname; + g_return_if_fail (filename && *filename); - + quotedfname = g_shell_quote(filename); + /* FIXME Will the versioned setting always work? */ CANCEL (complete); txt = _("Shutting down Evolution"); @@ -117,9 +122,10 @@ restore (const char *filename) CANCEL (complete); txt = _("Extracting files from backup"); - command = g_strdup_printf ("cd $HOME && gzip -cd %s| tar xf -", filename); + command = g_strdup_printf ("cd $HOME && gzip -cd %s| tar xf -", quotedfname); s (command); g_free (command); + g_free (quotedfname); CANCEL (complete); txt = _("Loading Evolution settings"); @@ -144,10 +150,12 @@ static void check (const char *filename) { char *command; + char *quotedfname; g_return_if_fail (filename && *filename); - - command = g_strdup_printf ("tar ztf %s | grep -e \"^\\.evolution/$\"", filename); + quotedfname = g_shell_quote(filename); + + command = g_strdup_printf ("tar ztf %s | grep -e \"^\\.evolution/$\"", quotedfname); result = system (command); g_free (command); @@ -155,10 +163,11 @@ check (const char *filename) if (result) exit (result); - command = g_strdup_printf ("tar ztf %s | grep -e \"^\\.evolution/%s$\"", filename, GCONF_DUMP_FILE); + command = g_strdup_printf ("tar ztf %s | grep -e \"^\\.evolution/%s$\"", quotedfname, GCONF_DUMP_FILE); result = system (command); g_free (command); - + g_free (quotedfname); + g_message ("Second result %d", result); } |