Re: first patch to security problem
Peter writes:
> > You forgot some metacharacters here, which is why this is a dangerous
> > solution.
>
> Like ?
< > ( )
> Actually, don't worry about it, that Brazilian one seems to be the
> way to go. Though it leaks memory and doesn't work in gnome, it's
> easily fixed :)
Great, I'm pulling my hair out trying to parse it myself. Just cutting
it up ourselves is simple: (this is a replacement for the popt stuff
in the Conectiva patch)
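    char *token = NULL, *argv[SOMETHING];
    int pid, argc = 0;

    /* split cmd in place on spaces; stop while there is still room
       in argv for the terminating NULL */
    while (argc < SOMETHING - 1 &&
           (token = strtok(token ? NULL : cmd, " "))) {
        argv[argc++] = token;
    }
    if (argc == 0) {
        fprintf(stderr, "No command given\n");
        return;
    } else {
        argv[argc] = NULL;
    }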
But then there's a hardcoded limit on the number of arguments. I
changed it to use realloc instead, but realloc is modifying my data. I
suspect that malloc is getting confused somewhere; earlier I was able
to get GTK to crash in completely unrelated sections of code just by
calling realloc a lot.
--
There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There
are no ABSOLUTE STATEMENTS. I'm very probably wrong. -- BSD fortune(6)
-
XChat-discuss: mailing list for XChat users
Archive: http://mail.nl.linux.org/lists/
Posted By: Decklin Foster <decklin@red-bean.com>
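
Added example, not part of the original post: one way to build the argument vector without a hardcoded limit, growing it with realloc. The function name split_command and the initial capacity of 4 are assumptions made for illustration; the resulting argv is meant for an exec-family call with no shell in between, so characters such as < > ( ) stay literal data.

```c
#include <stdlib.h>
#include <string.h>

/* Split cmd in place on spaces into a NULL-terminated argv that grows on
 * demand. Tokens point into cmd, so cmd must outlive the result.
 * Returns NULL for an empty command or on allocation failure;
 * the caller frees the returned array (not the tokens). */
char **split_command(char *cmd, size_t *argc_out)
{
    size_t cap = 4, argc = 0;               /* assumed starting capacity */
    char **argv = malloc(cap * sizeof *argv);
    char *p = cmd;

    if (argv == NULL)
        return NULL;
    for (;;) {
        p += strspn(p, " ");                /* skip runs of spaces */
        if (*p == '\0')
            break;
        if (argc + 1 >= cap) {              /* keep a slot for the NULL */
            /* size the request in bytes, and keep the old pointer
               until realloc has succeeded */
            char **grown = realloc(argv, 2 * cap * sizeof *argv);
            if (grown == NULL) {
                free(argv);
                return NULL;
            }
            argv = grown;
            cap *= 2;
        }
        argv[argc++] = p;
        p += strcspn(p, " ");               /* advance to end of token */
        if (*p != '\0')
            *p++ = '\0';                    /* terminate it in place */
    }
    if (argc == 0) {
        free(argv);
        return NULL;
    }
    argv[argc] = NULL;
    *argc_out = argc;
    return argv;
}
```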