1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
From: Karel Zak <kzak@redhat.com>
Date: Thu, 21 Mar 2024 11:16:20 +0100
Subject: wall: fix escape sequence Injection
Let's use for all cases the same output function.
Reported-by: Skyler Ferrante <sjf5462@rit.edu>
Signed-off-by: Karel Zak <kzak@redhat.com>
Origin: https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-28085
Bug-Debian: https://bugs.debian.org/1067849
---
term-utils/wall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/term-utils/wall.c b/term-utils/wall.c
index f375eca..90d5b71 100644
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@@ -327,7 +327,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
int i;
for (i = 0; i < mvecsz; i++) {
- fputs(mvec[i], fs);
+ fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
if (i < mvecsz - 1)
fputc(' ', fs);
}
|