diff -rupN leptonica-1.74.4/src/allheaders.h leptonica-1.74.4-new/src/allheaders.h
--- leptonica-1.74.4/src/allheaders.h 2017-06-11 22:04:50.000000000 +0200
+++ leptonica-1.74.4-new/src/allheaders.h 2018-02-22 13:19:04.587885801 +0100
@@ -2635,6 +2635,7 @@ LEPT_DLL extern l_int32 stringJoinIP ( c
LEPT_DLL extern char * stringReverse ( const char *src );
LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr );
LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail );
+LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound );
LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars );
LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc );
LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc );
diff -rupN leptonica-1.74.4/src/gplot.c leptonica-1.74.4-new/src/gplot.c
--- leptonica-1.74.4/src/gplot.c 2017-06-11 22:04:50.000000000 +0200
+++ leptonica-1.74.4-new/src/gplot.c 2018-02-22 13:19:04.587885801 +0100
@@ -146,9 +146,10 @@ gplotCreate(const char *rootname,
const char *xlabel,
const char *ylabel)
{
-char *newroot;
-char buf[L_BUF_SIZE];
-GPLOT *gplot;
+char *newroot;
+char buf[L_BUF_SIZE];
+l_int32 badchar;
+GPLOT *gplot;
PROCNAME("gplotCreate");
@@ -157,6 +158,9 @@ GPLOT *gplot;
if (outformat != GPLOT_PNG && outformat != GPLOT_PS &&
outformat != GPLOT_EPS && outformat != GPLOT_LATEX)
return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL);
+ stringCheckForChars(rootname, "`;&|><\"?*", &badchar);
+ if (badchar) /* danger of command injection */
+ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL);
if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL)
return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL);
diff -rupN leptonica-1.74.4/src/utils2.c leptonica-1.74.4-new/src/utils2.c
--- leptonica-1.74.4/src/utils2.c 2017-06-11 22:04:50.000000000 +0200
+++ leptonica-1.74.4-new/src/utils2.c 2018-02-22 13:19:04.587885801 +0100
@@ -42,6 +42,7 @@
* l_int32 stringSplitOnToken()
*
* Find and replace string and array procs
+ * l_int32 stringCheckForChars()
* char *stringRemoveChars()
* l_int32 stringFindSubstr()
* char *stringReplaceSubstr()
@@ -699,6 +700,48 @@ char *saveptr;
* Find and replace procs *
*--------------------------------------------------------------------*/
/*!
+ * \brief stringCheckForChars()
+ *
+ * \param[in] src input string; can be of zero length
+ * \param[in] chars string of chars to be searched for in %src
+ * \param[out] pfound 1 if any characters are found; 0 otherwise
+ * \return 0 if OK, 1 on error
+ *
+ * <pre>
+ * Notes:
+ * (1) This can be used to sanitize an operation by checking for
+ * special characters that don't belong in a string.
+ * </pre>
+ */
+l_int32
+stringCheckForChars(const char *src,
+ const char *chars,
+ l_int32 *pfound)
+{
+char ch;
+l_int32 i, n;
+
+ PROCNAME("stringCheckForChars");
+
+ if (!pfound)
+ return ERROR_INT("&found not defined", procName, 1);
+ *pfound = FALSE;
+ if (!src || !chars)
+ return ERROR_INT("src and chars not both defined", procName, 1);
+
+ n = strlen(src);
+ for (i = 0; i < n; i++) {
+ ch = src[i];
+ if (strchr(chars, ch)) {
+ *pfound = TRUE;
+ break;
+ }
+ }
+ return 0;
+}
+
+
+/*!
* \brief stringRemoveChars()
*
* \param[in] src input string; can be of zero length