wall: fix escape sequence Injection [CVE-2024-28085]
authorKarel Zak <kzak@redhat.com>
Thu, 21 Mar 2024 10:16:20 +0000 (11:16 +0100)
committerKarel Zak <kzak@redhat.com>
Mon, 1 Apr 2024 09:49:39 +0000 (11:49 +0200)
Let's use the same output function for all cases.

Reported-by: Skyler Ferrante <sjf5462@rit.edu>
Signed-off-by: Karel Zak <kzak@redhat.com>
(cherry picked from commit 404b0781f52f7c045ca811b2dceec526408ac253)

term-utils/wall.c

index f894a32f862f3425437d43c855c0497c9fdd660d..588d3a96364a1a6fc534641908f2ca688f538120 100644 (file)
@@ -368,7 +368,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
                int i;
 
                for (i = 0; i < mvecsz; i++) {
-                       fputs(mvec[i], fs);
+                       fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
                        if (i < mvecsz - 1)
                                fputc(' ', fs);
                }
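Review bot: Nothing at this call site records why plain `fputs` must not return, so a later cleanup could silently reintroduce the escape-sequence injection; a comment above the loop such as `/* mvec[] is the invoking user's argv: escape control bytes before they reach other users' terminals */` would pin the intent. Separately, `fputs_careful` is now called once per `mvec[i]` with `TERM_WIDTH`, and the separator is still written by `fputc(' ', fs)` outside it. If the helper tracks its wrap column per call (its definition is not visible in this hunk), the count restarts at every word, so a long multi-word message would not be folded at `TERM_WIDTH` the way a long single line is. A regression test that passes control bytes on the command line and checks they come out in `^` notation would keep this path covered. `makemsg` starts and ends outside the hunk, so how `fs` is consumed afterwards cannot be checked from here.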