On Fri, Dec 22, 2006 at 06:42:41PM +0100, Stefan Fritsch wrote: > A vulnerability has been reported in Netrik:
Thanks for the report. Security update for Sarge is building now. Patch attached: Steve -- --- form-file.c 2003-08-06 10:28:45.000000000 +0000 +++ /home/skx/form-file.c 2006-12-22 22:19:12.000000000 +0000 @@ -10,6 +10,7 @@ * (C) 2003 antrik */ +#include <ctype.h> #include <sys/stat.h> #include <fcntl.h> #include <stdio.h> @@ -107,6 +108,14 @@ char temp_name[size]; snprintf(temp_name, size, format, name); + /* make sure we get a proper filename */ + { + char *chr; + for(chr=temp_name; *chr; ++chr) + if(!isalnum(*chr)) /* not safe filename char -> replace */ + *chr='_'; + } + /* write temporary file */ { int fildes; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
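Review bot: in the second hunk, `isalnum(*chr)` is passed a plain `char`; where `char` is signed, any byte above 0x7f becomes a negative argument, which is undefined behaviour for the ctype functions, so the test should read `if(!isalnum((unsigned char)*chr))`. Separately, the loop runs over all of `temp_name` after `snprintf(temp_name, size, format, name)`, so any directory separators or dots that `format` itself contributes are rewritten to `_` along with the untrusted `name`; if `format` carries a path prefix, the safer shape is to sanitise `name` into a local copy before the snprintf so only the untrusted component is rewritten. The hunk does not show `format`, so whether the second point applies depends on what it contains.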