From 8cff3c4e4cf078307c600bb5ce69f50912abdd63 Mon Sep 17 00:00:00 2001
From: Tobias Mueller <tobiasmue@gnome.org>
Date: Wed, 4 Nov 2009 00:09:27 +0000
Subject: Quote filename during restore to prevent user assisted arbitrary code
 execution

Fixes bug 540516.
---
 plugins/backup-restore/backup-restore.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'plugins')

diff --git a/plugins/backup-restore/backup-restore.c b/plugins/backup-restore/backup-restore.c
index 82309a787f..ed7401eb4c 100644
--- a/plugins/backup-restore/backup-restore.c
+++ b/plugins/backup-restore/backup-restore.c
@@ -73,10 +73,14 @@ sanity_check (const gchar *filename)
 {
 	gchar *command;
 	gint result;
+	gchar *quotedfname;
 
-	command = g_strdup_printf ("%s/evolution-backup --check %s", EVOLUTION_TOOLSDIR, filename);
+	quotedfname = g_shell_quote(filename);
+
+	command = g_strdup_printf ("%s/evolution-backup --check %s", EVOLUTION_TOOLSDIR, quotedfname);
 	result = system (command);
 	g_free (command);
+	g_free (quotedfname);
 
 #ifdef HAVE_SYS_WAIT_H
 	g_message ("Sanity check result %d:%d %d", WIFEXITED (result), WEXITSTATUS (result), result);
-- 
cgit v1.2.3