>From da75c215e01e1b3be7498bef78f1f64d1e8c0693 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso
Date: Fri, 12 Dec 2014 22:25:30 +0100
Subject: [PATCH 1/2] CVE-2014-7209: Fix shell command injection
---
 run-mailcap | 37 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 19 deletions(-)
diff --git a/run-mailcap b/run-mailcap
index c5bfa5c..dd98178 100755
--- a/run-mailcap
+++ b/run-mailcap
@@ -474,27 +474,26 @@ foreach (@files) {
 }
 if ($file ne "-") {
- if ($comm =~ m/[^%]%s/) {
- if ($file =~ m![^ a-z0-9,.:/@%^+=_-]!i) {
- $match =~ m/nametemplate=(.*?)\s*($|;)/;
- my $prefix = $1;
- my $linked = 0;
- while (!$linked) {
- $tmplink = TempFile($prefix);
- unlink($tmplink);
- if ($file =~ m!^/!) {
- $linked = symlink($file,$tmplink);
- } else {
- my $pwd = `/bin/pwd`;
- chomp($pwd);
- $linked = symlink("$pwd/$file",$tmplink);
- }
+ if ($file =~ m![^ a-z0-9,.:/@%^+=_-]!i) {
+ $match =~ m/nametemplate=(.*?)\s*($|;)/;
+ my $prefix = $1;
+ my $linked = 0;
+ while (!$linked) {
+ $tmplink = TempFile($prefix);
+ unlink($tmplink);
+ if ($file =~ m!^/!) {
+ $linked = symlink($file,$tmplink);
+ } else {
+ my $pwd = `/bin/pwd`;
+ chomp($pwd);
+ $linked = symlink("$pwd/$file",$tmplink);
 }
- print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
- $comm =~ s/([^%])%s/$1$tmplink/g;
- } else {
- $comm =~ s/([^%])%s/$1$file/g;
 }
+ $file = $tmplink;
+ print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
+ }
+ if ($comm =~ m/[^%]%s/) {
+ $comm =~ s/([^%])%s/$1$file/g;
 } else {
 if ($comm =~ m/\|/) {
 $comm =~ s/\|/<\Q$file\E \|/;
--
2.1.3
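Review bot: The `%s` substitution `$comm =~ s/([^%])%s/$1$file/g` on the new side still inserts `$file` unquoted, so safety rests entirely on the character allowlist and on `TempFile($prefix)` returning a name that also satisfies it; `TempFile` is outside the hunk, so that assumption deserves a comment above the substitution such as `# $file is either allowlisted or a TempFile() alias; neither may contain shell metacharacters`. The allowlist also admits a space and a leading `-`, so an accepted name can still reach the viewer as several words or as an option unless the mailcap entry quotes `%s` itself, whereas the pipe branch just below uses `\Q$file\E`. Separately, `while (!$linked)` retries without limit when `symlink` fails for a reason other than a name collision, and the `/bin/pwd` backtick result is used unchecked; a bounded retry that reports `$!` and skips the file would fail closed. The enclosing `foreach (@files)` body starts and ends outside the hunk.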