wmaker: fix arbitrary shell command injection

David Maciejak Tue, 30 Sep 2014 01:11:36 -0700

Workspace background pref can be tricked to run arbitrary cmds.

---
 src/defaults.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)


diff --git a/src/defaults.c b/src/defaults.c
index 6ca7f3f..105114b 100644
--- a/src/defaults.c
+++ b/src/defaults.c
@@ -3097,13 +3097,17 @@ static int setWorkspaceBack(WScreen * scr,
WDefaultEntry * entry, void *tdata, v
  len = strlen(text) + 40;
  command = wmalloc(len);
  dither = wPreferences.no_dithering ? "-m" : "-d";
- if (wPreferences.smooth_workspace_back)
- snprintf(command, len, "wmsetbg %s -S -p '%s' &", dither, text);
- else
- snprintf(command, len, "wmsetbg %s -p '%s' &", dither, text);
+ if (!strstr(text, "\'") && !strstr(text, "\\")) {
+ command = wmalloc(len);
+ if (wPreferences.smooth_workspace_back)
+ snprintf(command, len, "wmsetbg %s -S -p '%s' &", dither, text);
+ else
+ snprintf(command, len, "wmsetbg %s -p '%s' &", dither, text);
+ ExecuteShellCommand(scr, command);
+ wfree(command);
+ } else
+ wwarning(_("Invalid arguments for background \"%s\""), text);
  wfree(text);
- ExecuteShellCommand(scr, command);
- wfree(command);
  }
  WMReleasePropList(value);

0001-wmaker-fix-arbitrary-shell-command-injection.patch
Description: Binary data

wmaker: fix arbitrary shell command injection

Reply via email to