From bc084e3bcd6f3d37dc51e7e1893e113169a85cc9 Mon Sep 17 00:00:00 2001 From: Mamoru Tasaka Date: May 23 2008 14:49:00 +0000 Subject: - 0.9.16 - Properly handle file name (shell escaping issue) --- diff --git a/cbrpager-0.9.16-filen-shell-escaping.patch b/cbrpager-0.9.16-filen-shell-escaping.patch index 080fdb2..7168d01 100644 --- a/cbrpager-0.9.16-filen-shell-escaping.patch +++ b/cbrpager-0.9.16-filen-shell-escaping.patch @@ -1,11 +1,11 @@ --- cbrpager-0.9.16/src/global.c.filen 2008-05-23 14:53:51.000000000 +0900 -+++ cbrpager-0.9.16/src/global.c 2008-05-23 17:11:33.000000000 +0900 ++++ cbrpager-0.9.16/src/global.c 2008-05-23 23:03:45.000000000 +0900 @@ -36,6 +36,12 @@ #include "conf.h" #include "main.h" +#include -+#include /* creat */ ++#include /* open */ +#include +#include +#include /* wait */ @@ -13,14 +13,20 @@ GList *pagelist = NULL; int page_nr = 0, timer_id = 0, -@@ -144,19 +150,23 @@ +@@ -136,7 +142,6 @@ + return -1; + } + +- + void + start_show(void) + { +@@ -144,19 +149,15 @@ char *bff, *p = NULL, **names; gboolean first = TRUE; int s, t, bffbeg = 0; + int pfd[2]; /* pipe */ + int pid_i, pid_j; /* two children*/ -+ int wait_i, wait_j; /* waiting pid */ -+ char cmd[3][20]; if (debug) printf("%s\n", pref.lastbook); @@ -29,21 +35,15 @@ - bff = g_strdup_printf("unzip -l \"%s\" | grep \"%s\" > %s", - pref.lastbook, all_extensions, tmpf); - if (debug) printf("ZIP command: %s\n", bff); -+ sprintf(cmd[0], "%s", "unzip"); -+ sprintf(cmd[1], "%s", "-l"); -+ sprintf(cmd[2], "ZIP command:"); break; case RAR_FILE: - bff = g_strdup_printf("unrar v \"%s\" | grep \"%s\" > %s", - pref.lastbook, all_extensions, tmpf); - if (debug) printf("RAR command: %s\n", bff); -+ sprintf(cmd[0], "%s", "unrar"); -+ sprintf(cmd[1], "%s", "v"); -+ sprintf(cmd[2], "RAR command:"); break; default: // Patch from Ilja Pyykkonen 2005/09/04 p = g_strdup_printf(_("Cannot open file '%s': unknown file type"), -@@ -165,7 +175,77 @@ +@@ -165,7 +166,76 @@ g_free(p); return; } @@ -67,10 +67,18 @@ + return; + } + close(pfd[1]); -+ if (debug) fprintf(stderr, "%s %s %s %s\n", -+ cmd[2], cmd[0], cmd[1], pref.lastbook); -+ execlp(cmd[0], cmd[0], cmd[1], pref.lastbook, NULL); -+ return; /* should not reach here */ ++ switch(pref.booktype) { ++ case ZIP_FILE: ++ if (debug) fprintf(stderr, "ZIP command: unzip -l %s\n", ++ pref.lastbook); ++ execlp("unzip", "unzip", "-l", pref.lastbook, (char *)NULL); ++ return; /* should not reach here */ ++ case RAR_FILE: ++ if (debug) fprintf(stderr, "RAR command: unrar -v %s\n", ++ pref.lastbook); ++ execlp("unrar", "unrar", "v", pref.lastbook, (char *)NULL); ++ return; /* should not reach here */ ++ } + } + else { + pid_j = fork() ; @@ -79,8 +87,6 @@ + return; + } + else if (pid_j == 0) { /* child 2; do grep */ -+ int new_fd; -+ + close(pfd[1]); + close(0); /* close stdin */ + if (dup(pfd[0]) != 0) { @@ -88,53 +94,45 @@ + return; + } + close(pfd[0]); -+ /* create tmpf */ -+ if ((new_fd = creat(tmpf, 00600)) == -1) { ++ if ((tmpf_fd = open(tmpf, O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR)) == -1) { + p = g_strdup_printf(_("Cannot open file '%s'"), tmpf); + ok_dialog(_("File error"), p); + g_free(p); + return; + } + close(1); /* close stdout */ -+ if (dup(new_fd) != 1) { ++ if (dup(tmpf_fd) != 1) { + fprintf(stderr, "Dup failure\n"); + return; + } -+ close(new_fd); -+ execlp("grep", "grep", all_extensions, NULL); ++ close(tmpf_fd); ++ execlp("grep", "grep", all_extensions, (char *)NULL); + return; /* should not reach here */ + } + else { /* parent */ + close(pfd[0]); + close(pfd[1]); + /* wait children */ -+ wait_i = wait(0); -+ wait_j = wait(0); -+ if (!((wait_i == pid_i && wait_j == pid_j) || -+ (wait_i == pid_j && wait_j == pid_i))) { -+ fprintf(stderr, "Forked children status strange\n"); -+ return; -+ } -+ ++ waitpid(pid_i, 0, 0); ++ waitpid(pid_j, 0, 0); + } + } + bff = NULL; if (!g_file_test(tmpf, G_FILE_TEST_EXISTS)) { printf(_("Cannot open temporary file %s\n"), tmpf); -@@ -236,7 +316,10 @@ +@@ -236,7 +306,9 @@ { char *p, *bff = NULL, *esc; int len, i, idx = 0; - + + int pid; -+ int fd; + p = (char *)g_list_nth_data(pagelist, nr); len = strlen(p); esc = g_malloc(2*len + 1); -@@ -254,21 +337,42 @@ +@@ -254,21 +326,42 @@ printf(_("Requesting page %d/%d (%s)\n"), nr+1, g_list_length(pagelist), esc); @@ -157,29 +155,29 @@ + fprintf(stderr, "Forking failed\n"); + return; + case 0: /* child */ -+ if ((fd = creat(tmpf, 00600)) == -1) { ++ if ((tmpf_fd = open(tmpf, O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR)) == -1) { + p = g_strdup_printf(_("Cannot open file '%s'"), tmpf); + ok_dialog(_("File error"), p); + g_free(p); + return; + } + close(1); /* close stdout */ -+ if (dup(fd) != 1) { ++ if (dup(tmpf_fd) != 1) { + fprintf(stderr, "Dup failure\n"); + return; + } -+ close(fd); ++ close(tmpf_fd); + switch(pref.booktype) { + case RAR_FILE: + execlp("unrar", + "unrar", "p", "-ierr", "-clr", "--", -+ pref.lastbook, p, NULL); ++ pref.lastbook, p, (char *)NULL); + return; /* should not reach here */ + case ZIP_FILE: + execlp("unzip", + "unzip", "-p", "-C", -+ pref.lastbook, p, NULL); -+ return; /* should not return here */ ++ pref.lastbook, p, (char *)NULL); ++ return; /* should not reach here */ + } + return; /* should not reach here */ + default: /* parent */ diff --git a/cbrpager.spec b/cbrpager.spec index cb6e405..8feeba4 100644 --- a/cbrpager.spec +++ b/cbrpager.spec @@ -1,6 +1,6 @@ Name: cbrpager Version: 0.9.16 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Simple comic book pager for Linux Group: Amusements/Graphics @@ -82,7 +82,7 @@ desktop-file-install \ %changelog -* Fri May 23 2008 Mamoru Tasaka - 0.9.16-1 +* Fri May 23 2008 Mamoru Tasaka - 0.9.16-2 - 0.9.16 - Properly handle file name (shell escaping issue)