SUSE:SLE-12:Update
File 0001-Avoid-argument-injection-vulnerability-in-open_envvar.patch of Package xdg-utils.7563
Index: xdg-utils-20140630/scripts/xdg-open.in =================================================================== --- xdg-utils-20140630.orig/scripts/xdg-open.in +++ xdg-utils-20140630/scripts/xdg-open.in @@ -241,6 +241,11 @@ open_generic_xdg_x_scheme_handler() fi } +has_single_argument() +{ + test $# = 1 +} + open_generic() { # Paths or file:// URLs @@ -277,23 +282,25 @@ open_generic() open_generic_xdg_x_scheme_handler "$1" + oldifs="$IFS" IFS=":" for browser in $BROWSER; do - if [ x"$browser" != x"" ]; then - - browser_with_arg=`printf "$browser" "$1" 2>/dev/null` - if [ $? -ne 0 ]; then - browser_with_arg=$browser; - fi + IFS="$oldifs" + if [ -z "$browser" ]; then + continue + fi - if [ x"$browser_with_arg" = x"$browser" ]; then - eval '$browser "$1"'$xdg_redirect_output; - else eval '$browser_with_arg'$xdg_redirect_output; - fi + if echo "$browser" | grep -q %s; then + # Avoid argument injection. + # See https://bugs.freedesktop.org/show_bug.cgi?id=103807 + # URIs don't have IFS characters spaces anyway. + has_single_argument $1 && $(printf "$browser" "$1") + else + $browser "$1" + fi - if [ $? -eq 0 ]; then - exit_success; - fi + if [ $? -eq 0 ]; then + exit_success fi done
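
Review bot: `has_single_argument()` in the first hunk needs a comment saying that callers must pass the value unquoted. `test $# = 1` only detects an injected argument after the shell has field-split the expansion, so a later call written as `has_single_argument "$1"` would always succeed and silently disable the check. `-eq` would also be the more conventional operator for the numeric comparison.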
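
Review bot: In the `%s` branch of the second hunk, `has_single_argument $1 && $(printf "$browser" "$1")` leaves both `$1` and the printf output unquoted, so they go through pathname expansion as well as field splitting. A URL containing `?` or `*` can therefore be rejected or altered if it happens to match files relative to the current directory. Wrapping the two expansions in `set -f` / `set +f`, or testing `"$1"` for whitespace directly, would keep the check limited to what the comment describes. Two further points from the same lines: the removed code appended `$xdg_redirect_output` to the browser invocation and the added lines no longer do, and the removed `2>/dev/null` fallback for a failing `printf "$browser"` is gone, so a `$BROWSER` entry with other `%` directives now reaches printf as a format string with no error handling.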