44a125dbb2
Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows (CAN-2004-1186), quotes and shell escape characters are insufficiently sanitized in filenames (CAN-2004-1185), and it supported taking input from an arbitrary command pipe, with unwanted side effects (CAN-2004-1184).

Obtained from: Gentoo
15 lines
239 B
C
$FreeBSD$
--- src/gsint.h.orig
+++ src/gsint.h
@@ -701,4 +701,9 @@
*/
void printer_close ___P ((void *context));
+/*
+ * Escape filenames for shell usage
+ */
+char *shell_escape ___P ((const char *fn));
+
#endif /* not GSINT_H */
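Review bot: The comment on the new shell_escape prototype (the last declaration added in this hunk) says only "Escape filenames for shell usage" and leaves the contract open. The function returns a non-const char *, so state whether the result is newly allocated and must be freed by the caller, and what is returned if allocation fails. Also say which quoting context the result is safe in (unquoted, inside single quotes, or inside double quotes), since callers building a command line need that to use the result correctly.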