From 2f0d3d7a85a19b86e809d6589df138efa36cf973 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 4 Dec 2011 11:34:29 -0400 Subject: [PATCH 1/1] Block tty control codes in untrusted mr config files. --- debian/changelog | 1 + mr | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index e7f32b8..39fa503 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ mr (1.07) UNRELEASED; urgency=low * Added support for vcsh, enable with: include = cat /usr/share/mr/vcsh Thanks, Richard Hartmann + * Block tty control codes in untrusted mr config files. -- Joey Hess Tue, 29 Nov 2011 18:15:51 -0400 diff --git a/mr b/mr index 3996b60..6e27cd5 100755 --- a/mr +++ b/mr @@ -1184,6 +1184,11 @@ sub loadconfig { $_=shift @lines; $line++; chomp; + + if (! $trusted && /[[:cntrl:]]/) { + trusterror("mr: illegal control character", $f, $line, $bootstrap_url); + } + next if /^\s*\#/ || /^\s*$/; if (/^\[([^\]]*)\]\s*$/) { $section=$1; -- 2.39.5