From: Joey Hess Date: Sun, 4 Dec 2011 15:34:29 +0000 (-0400) Subject: Block tty control codes in untrusted mr config files. X-Git-Url: https://git.madduck.net/code/myrepos.git/commitdiff_plain/2f0d3d7a85a19b86e809d6589df138efa36cf973?hp=2c3fe25a0f2995172bab019ca31ad69c21224191 Block tty control codes in untrusted mr config files. --- diff --git a/debian/changelog b/debian/changelog index e7f32b8..39fa503 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ mr (1.07) UNRELEASED; urgency=low * Added support for vcsh, enable with: include = cat /usr/share/mr/vcsh Thanks, Richard Hartmann + * Block tty control codes in untrusted mr config files. -- Joey Hess Tue, 29 Nov 2011 18:15:51 -0400 diff --git a/mr b/mr index 3996b60..6e27cd5 100755 --- a/mr +++ b/mr @@ -1184,6 +1184,11 @@ sub loadconfig { $_=shift @lines; $line++; chomp; + + if (! $trusted && /[[:cntrl:]]/) { + trusterror("mr: illegal control character", $f, $line, $bootstrap_url); + } + next if /^\s*\#/ || /^\s*$/; if (/^\[([^\]]*)\]\s*$/) { $section=$1;