CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2024/04/14 02:34:00
Modified files:
usr.bin/less : filename.c
Log message:
less: escape newlines in file names
Newlines in a filename can lead to arbitrary code execution
https://marc.info/?l=oss-security&m=171292433330233&w=2
via LESSOPEN. The diff is a straightforward adaptation of
https://github.com/gwsw/less/commit/007521ac3c95bc76
The better fix is deleting the misfeatures that are LESSOPEN
and LESSCLOSE which will happen in a separate commit.
diff looks good to guenther
