[Bug 350640] Re: unzip shell call
Natty has the version of fcrackzip with the patch. 9:54:00 - flash:[/tmp] rmadison fcrackzip fcrackzip | 0.3-2 | dapper/universe | source, amd64, i386, powerpc fcrackzip | 0.3-2 | hardy/universe | source, amd64, i386 fcrackzip | 1.0-0ubuntu1 | karmic/universe | source, amd64, i386 fcrackzip | 1.0-1 | lucid/universe | source, amd64, i386 fcrackzip | 1.0-1 | maverick/universe | source, amd64, i386 fcrackzip | 1.0-2 | natty/universe | source, amd64, i386 ** Changed in: fcrackzip (Ubuntu) Status: Triaged = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/350640 Title: unzip shell call -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
Already included in Debian fcrackzip/1.0-2. See http://patch- tracker.debian.org/patch/series/view/fcrackzip/1.0-2/20-bug-430387 -cannot-deal-files-with-special-chars.patch This bug can be closed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/350640 Title: unzip shell call -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
** Changed in: fcrackzip (Ubuntu) Status: Confirmed = Triaged ** Changed in: fcrackzip (Ubuntu) Importance: Undecided = Medium ** Changed in: fcrackzip (Debian) Status: Won't Fix = New -- unzip shell call https://bugs.launchpad.net/bugs/350640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
Should I be creating a new bug? It seems that Debian has the problem with unescaped characters in the file path marked as fixed (Debian bug #430387), but the problem with unescaped characters in passwords seems to remain. -- unzip shell call https://bugs.launchpad.net/bugs/350640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
** Tags added: patch -- unzip shell call https://bugs.launchpad.net/bugs/350640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
I experience the same problem as Alex Harrington in Lucid, with the same version of fcrackzip. Not only the file path but the password string is passed on the shell command line to unzip. So it seems the passwords should also be escaped for the shell's consumption. I attach a patch that I think fixes the issue. ** Patch added: Patch to escape passwords and paths in shell command to unzip http://launchpadlibrarian.net/52808029/FixEscapes.patch ** Changed in: fcrackzip (Ubuntu) Status: Fix Released = In Progress ** Changed in: fcrackzip (Ubuntu) Status: In Progress = Confirmed -- unzip shell call https://bugs.launchpad.net/bugs/350640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
Sorry if I've missed something but I'm still seeing this on Lucid: $ apt-cache policy fcrackzip fcrackzip: Installed: 1.0-1 Candidate: 1.0-1 Version table: *** 1.0-1 0 500 http://gb.archive.ubuntu.com/ubuntu/ lucid/universe Packages 100 /var/lib/dpkg/status $ fcrackzip -u --brute-force myzip.zip I get lots of these output: sh: Syntax error: Unterminated quoted string sh: Syntax error: Missing '))' Same if I use a dictionary with the -D -p english.dic syntax too. Alex -- unzip shell call https://bugs.launchpad.net/bugs/350640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
This seems to have been solved a different way but fixed nonetheless in Lucid. char * path_for_shell (char *dest, const char *str) { /* backslash shell special charatcers */ char ch, *p = dest; size_t len = strlen(str); int i; for (i = 0; i len; i++) { ch = str[i]; switch (ch) { /* ASCII table order */ case '!': case '': case '#': case '$': case '': case 0x27: /* single quote */ case '(': case ')': case '*': case '+': case 0x2C: case ':': case ';': case '': case '': case '?': case '[': case '\\': case ']': case '^': case '`': case '{': case '|': case '}': /* backslash special characters */ *p++ = '\\'; *p++ = ch; break; default: *p++ = ch; } } /* terminate string */ *p = '\0'; return dest; } ** Changed in: fcrackzip (Debian) Status: New = Won't Fix ** Changed in: fcrackzip (Ubuntu) Status: New = Fix Released -- unzip shell call https://bugs.launchpad.net/bugs/350640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
** Also affects: fcrackzip (Debian) Importance: Undecided Status: New -- unzip shell call https://bugs.launchpad.net/bugs/350640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 350640] Re: unzip shell call
** Attachment added: Simple escape http://launchpadlibrarian.net/24467757/diff -- unzip shell call https://bugs.launchpad.net/bugs/350640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs