unzip shell call
Bug #350640 reported by Tomas Jakstas
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Debian | Invalid | Undecided | Unassigned |
fcrackzip (Debian) | New | Undecided | Unassigned |
fcrackzip (Ubuntu) | Fix Released | Medium | Unassigned |
Bug Description
Binary package hint: fcrackzip
This bug is due to unescaped password characters ", ', ` when using a dictionary file:
sh: Syntax error: Unterminated quoted string
sh: Syntax error: EOF in backquote substitution
tags: added: patch
Changed in fcrackzip (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Medium
Changed in fcrackzip (Debian):
status: Won't Fix → New
This seems to have been solved a different way but fixed nonetheless in Lucid.
```c
#include <string.h>

/* Copy str into dest with a backslash in front of each shell special
   character listed below. dest must have room for 2 * strlen(str) + 1
   bytes. Characters not listed (for example space, tab and newline)
   are copied unchanged. */
char *
path_for_shell (char *dest, const char *str)
{
  /* backslash shell special characters */
  char ch, *p = dest;
  size_t len = strlen (str);
  size_t i;

  for (i = 0; i < len; i++)
    {
      ch = str[i];
      switch (ch)
        {
        /* ASCII table order */
        case '!':
        case '"':
        case '#':
        case '$':
        case '&':
        case 0x27: /* single quote */
        case '(':
        case ')':
        case '*':
        case '+':
        case 0x2C: /* comma */
        case ':':
        case ';':
        case '<':
        case '>':
        case '?':
        case '[':
        case '\\':
        case ']':
        case '^':
        case '`':
        case '{':
        case '|':
        case '}':
          /* backslash special characters */
          *p++ = '\\';
          *p++ = ch;
          break;
        default:
          *p++ = ch;
        }
    }
  /* terminate string */
  *p = '\0';
  return dest;
}
```
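An alternative to enumerating special characters, shown as an added example (not fcrackzip's code; `shell_quote` and `roundtrip` are hypothetical names): single-quote the whole string so that ", ` and every other byte is literal to `sh`, and rewrite only embedded single quotes. `roundtrip` assumes a POSIX `sh` with `printf` is available.

```c
/* Added example, not fcrackzip code; shell_quote()/roundtrip() are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wrap str in single quotes, turning each embedded ' into '\'' (close the
   quote, emit an escaped quote, reopen). sh takes every other byte inside
   single quotes literally. The caller frees the result. */
char *shell_quote(const char *str)
{
    size_t n = 3;                       /* two quotes and the NUL */
    for (const char *s = str; *s; s++)
        n += (*s == '\'') ? 4 : 1;
    char *out = malloc(n), *p = out;
    if (!out)
        return NULL;
    *p++ = '\'';
    for (const char *s = str; *s; s++) {
        if (*s == '\'') {               /* emit '\' and let the copy */
            memcpy(p, "'\\'", 3);       /* below add the reopening ' */
            p += 3;
        }
        *p++ = *s;
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Hand word to sh as one quoted argument of printf and compare what the
   command received: 1 = identical, 0 = altered, -1 = could not run. */
int roundtrip(const char *word)
{
    char cmd[512], got[256];
    char *q = shell_quote(word);
    if (!q)
        return -1;
    int len = snprintf(cmd, sizeof cmd, "printf %%s %s", q);
    free(q);
    if (len < 0 || (size_t)len >= sizeof cmd)
        return -1;
    FILE *fp = popen(cmd, "r");
    if (!fp)
        return -1;
    size_t r = fread(got, 1, sizeof got - 1, fp);
    got[r] = '\0';
    pclose(fp);
    return strcmp(got, word) == 0;
}
```

Passing the arguments as an `argv` array to `execvp` removes the shell, and with it the need for any quoting.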