On Tue, May 24, 2022 at 09:58:08AM -0700, "Kevin J. McCarthy" <ke...@8t8.us> wrote:
> On Fri, May 20, 2022 at 05:56:58PM +1000, raf wrote:
> > +#define SHELL_NON_SPACE_META_CHARACTERS "|&;()<>[]{}$`'~\"\\*?"
> > + if (Sendmail[strcspn(Sendmail, SHELL_NON_SPACE_META_CHARACTERS)] != '\0')
> > + {
> > + mutt_error(_("$sendmail cannot contain shell meta-characters."));
> > + return -1;
> > + }
>
> Also, taking a closer look at the patch.
>
> * strcspn() matches an initial prefix. You might want to use strpbrk()
>   instead.

No. It's correct as it is. strcspn() returns the length of the prefix
that consists of characters that are not in the list. The code uses that
length as an index into the string and expects to find the nul byte,
which would indicate that the entire string consists of characters that
are not in the list. If it's not the nul byte, then it's one of the
rejected characters, which indicates that the string contains a rejected
character.

> * stylistically I don't think you should #define something used just once
>   right above the usage. If the "why these chars" is unclear, just add a
>   comment above the block, but I think in this case the mutt_error() string
>   makes it clear what the check is about.
>
> --
> Kevin J. McCarthy
> GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA

cheers,
raf
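
Review bot: The rejected set in SHELL_NON_SPACE_META_CHARACTERS leaves out newline and `#`, both of which a POSIX shell treats specially (newline ends a command just as `;` does, and `#` starts a comment), so the check in the `if (Sendmail[strcspn(...)] != '\0')` line accepts values containing them. Either add `\n` and `#` to the string or put a short comment above the check saying why they, like the space, are deliberately allowed. The error text says "shell meta-characters" without listing them, so a user who hits the message cannot tell which character was rejected; naming the set in the documentation for $sendmail would help.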
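
The two forms debated in this thread, side by side, as an added example that is not part of the original messages or of the mutt source. The names `META`, `has_meta_strcspn`, `has_meta_strpbrk`, `SAMPLES` and `count_disagreements` are hypothetical, and the sample command strings are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Same character set as the quoted patch: shell metacharacters, space excluded. */
static const char META[] = "|&;()<>[]{}$`'~\"\\*?";

/* Form used in the patch: strcspn() returns the length of the leading run
 * of characters NOT in META. Indexing with that length lands on the first
 * rejected character, or on the terminating NUL if there is none. */
int has_meta_strcspn(const char *s)
{
    return s[strcspn(s, META)] != '\0';
}

/* Form suggested in review: strpbrk() returns a pointer to the first
 * character that IS in META, or NULL if there is none. */
int has_meta_strpbrk(const char *s)
{
    return strpbrk(s, META) != NULL;
}

/* Constructed sample values for a sendmail-style command string. */
static const char *const SAMPLES[] = {
    "/usr/sbin/sendmail -oem -oi",  /* clean: spaces are allowed */
    "",                             /* empty: index 0 is already NUL */
    ";/usr/sbin/sendmail",          /* rejected character at index 0 */
    "/usr/sbin/sendmail -oi |",     /* rejected character is the last byte */
    "$HOME/bin/sendmail",           /* variable expansion */
};

/* Returns the number of samples on which the two forms disagree. */
int count_disagreements(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        if (has_meta_strcspn(SAMPLES[i]) != has_meta_strpbrk(SAMPLES[i]))
            n++;
    return n;
}
```

Both functions scan the whole string, so they agree on every input; the difference between them is readability only.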