File jhead-CVE-2022-41751-2.patch of Package jhead.18188

Overview Repositories Revisions Requests Users Attributes Meta

File jhead-CVE-2022-41751-2.patch of Package jhead.18188

Index: jhead-3.06.0.1/jhead.c
===================================================================
--- jhead-3.06.0.1.orig/jhead.c
+++ jhead-3.06.0.1/jhead.c
@@ -166,6 +166,15 @@ static int FileEditComment(char * TempFi
         }
         if (strlen(Editor) > PATH_MAX) ErrFatal("env too long");
 
+        // Disallow characters in the editor or filename that could be used to execute arbitrary
+        // shell commands with system() below.
+        if (strpbrk(TempFileName, "\";'&|`$")) {
+            ErrFatal("Filename has invalid characters");
+        }
+        if (strpbrk(Editor, "\";'&|`$")) {
+            ErrFatal("Editor has invalid characters");
+        }
+
         sprintf(QuotedPath, "%s \"%s\"",Editor, TempFileName);
         a = system(QuotedPath);
     }
@@ -757,6 +766,14 @@ static int DoAutoRotate(const char * Fil
                 sprintf(RotateCommand,"jpegtran -trim -%s -outfile \"%s\" \"%s\"",
                     Argument, ThumbTempName_out, ThumbTempName_in);
 
+                // Disallow characters in the command that could be used to execute arbitrary
+                // shell commands with system() below.
+                if (strpbrk(RotateCommand, "\";'&|`$")) {
+                    ErrNonfatal("Command has invalid characters.", 0, 0);
+                    unlink(ThumbTempName_in);
+                    return FALSE;
+                }
+
                 if (system(RotateCommand) == 0){
                     // Put the thumbnail back in the header
                     ReplaceThumbnail(ThumbTempName_out);
@@ -784,7 +801,7 @@ static int RegenerateThumbnail(const cha
 
     // Disallow characters in the filename that could be used to execute arbitrary
     // shell commands with system() below.
-    if(strpbrk(FileName, "\";'&|`")) {
+    if(strpbrk(FileName, "\";'&|`$")) {
         ErrNonfatal("Filename has invalid characters.", 0, 0);
         return FALSE;
     }

Places

File jhead-CVE-2022-41751-2.patch of Package jhead.18188

Places