On Fri, Dec 22, 2006 at 06:42:41PM +0100, Stefan Fritsch wrote:

> A vulnerability has been reported in Netrik:

  Thanks for the report.  Security update for Sarge is building now.

  Patch attached:

Steve
-- 

--- form-file.c 2003-08-06 10:28:45.000000000 +0000
+++ /home/skx/form-file.c       2006-12-22 22:19:12.000000000 +0000
@@ -10,6 +10,7 @@
  * (C) 2003 antrik
  */

+#include <ctype.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <stdio.h>
@@ -107,6 +108,14 @@
       char             temp_name[size];
       snprintf(temp_name, size, format, name);

+      /* make sure we get a proper filename */
+      {
+        char   *chr;
+        for(chr=temp_name; *chr; ++chr)
+           if(!isalnum(*chr))    /* not safe filename char -> replace */
+              *chr='_';
+      }
+
       /* write temporary file */
       {
         int    fildes;
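Review bot: `isalnum(*chr)` is passed a plain `char`; on platforms where `char` is signed, any byte above 0x7F in temp_name becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions (only `EOF` and values representable as `unsigned char` are allowed), and the result of the "replace" decision for such bytes is then unspecified. Casting through `unsigned char` makes the check well-defined for every byte: `if(!isalnum((unsigned char)*chr))    /* not safe filename char -> replace */`. Note also that the loop rewrites the whole of temp_name after the `snprintf`, so if `format` contributes a directory prefix or separators, those characters are replaced too; sanitising the untrusted `name` component before it is formatted in, rather than the finished string, would avoid that. The enclosing block that declares `size`, `format` and `name` starts outside this hunk, so those assumptions should be confirmed against it.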



-- 