Projects
openEuler:24.03:SP1:Everything
util-linux
_service:tar_scm:backport-CVE-2024-28085.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-CVE-2024-28085.patch of Package util-linux
From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001 From: Karel Zak <kzak@redhat.com> Date: Thu, 21 Mar 2024 11:16:20 +0100 Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085] Let's use for all cases the same output function. Reported-by: Skyler Ferrante <sjf5462@rit.edu> Signed-off-by: Karel Zak <kzak@redhat.com> --- term-utils/wall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/term-utils/wall.c b/term-utils/wall.c index f894a32f8..588d3a963 100644 --- a/term-utils/wall.c +++ b/term-utils/wall.c @@ -368,7 +368,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz, int i; for (i = 0; i < mvecsz; i++) { - fputs(mvec[i], fs); + fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH); if (i < mvecsz - 1) fputc(' ', fs); } -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2