On 5/10/15 5:57 AM, isabella parakiss wrote:
> In builtins/mapfile.def there's this line:
> snprintf (execstr, execlen, "%s %d %s", callback, curindex, qline);
>
> If the callback is empty, bash runs '<space><number><space><line>'
> This smells a lot like code injection.
It might smell like that, but it looks more like something self-
inflicted.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
